Service providers of data center computing resources provide a centralized arrangement which allows network and infrastructure resources to be shared among separate customers. This is typically accomplished by providing each customer its own virtual network within the data center. Such may be useful, for example, in an “ecommerce” environment where a service provider implements a data center to provide web server and data server computing resources to multiple customers. As used herein, the term “data center” refers to a facility that is typically secured and is used to provide computing resources, such as web hosting, to different communities of users.
As the need for shared and scalable network computing resources increases, so too does the need for solutions which facilitate scalability in a manner that is not disruptive to customers. For example, if the growth of Customer A necessitates the installation of a new web server, current technology may require that data center services for Customers B and C be disrupted or taken off line while the new server for Customer A is installed and the data center network is configured to include the new server.
A network can be divided into seven layers according to the known Open System Interconnect (“OSI”) model. A Physical layer 1 defines all the electrical and physical specifications for devices. This includes the layout of pins, voltages, and cable specifications. Network adapters and cables are physical-layer devices. A Data link layer 2 provides the functional and procedural means to transfer data between network entities on a LAN (or Virtual LAN) and detect and possibly correct errors that may occur in the Physical layer. Data link layer 2 is the layer at which bridges and switches operate. Connectivity is provided among locally attached network nodes forming Data link layer 2 domains for unicast or broadcast forwarding. A Network layer 3 provides functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks. Network layer 3 performs network routing functions, and might also perform segmentation and desegmentation, and report delivery errors. Routers operate at Network layer 3, routing data throughout an extended network such as the Internet. Network layer 3 also provides logical addressing and provides end-to-end data transport from the source machine to the destination machine across multiple Data link layer 2 instances. Other OSI Layers transfer data transparently between end users (layer 4), control connections between computers (layer 5), transform data to provide a standard interface (layer 6), and allow a user to access information on the network through an application (layer 7).
A Virtual LAN (“VLAN”) is well known today and is implemented by one or more programmed switches such as one or more access switches. A switch is a device that performs transparent bridging, i.e., connection of multiple network segments with forwarding based on MAC addresses. A MAC address is a unique identifier of a network interface, and can be “burned-in” to the network interface card of the computing device. Communication of message packets within a VLAN uses the OSI Model Data link layer 2 protocol. Data link layer 2 is implemented by hardware and software functions within the switch. To implement a VLAN, the access switch maintains a MAC address table for each VLAN which lists which computing device(s) (by MAC address) are reachable through which interface. The table is populated by learning: the switch records the source MAC address of each incoming frame against the interface on which it arrived, without verifying that the sender actually owns that address. An incoming message specifies the MAC address of the target device and is associated with a particular VLAN based on the interface from which it was received. Typically, the switch will look up the destination address in the MAC address table for that VLAN. If the address is found, the switch will forward the message to the destination through the identified interface. Otherwise, the switch will forward the message through all other interfaces associated with the VLAN (“flooding”); in either case the frame never leaves the VLAN on which it was received. Each computing device on the VLAN examines the message packets delivered to its interface and accepts those bearing its own MAC address (or the broadcast address) as the destination; it ignores the rest. This last filtering happens in the receiving device, not in the switch: during flooding every other device on the VLAN is delivered a copy of the frame, and a device whose interface is placed in promiscuous mode will read it. Likewise, because the table is built from unverified source addresses, a device that transmits frames carrying another device's source MAC address causes the switch to deliver that device's traffic to the impostor's interface instead.
Current arrangements and methods for securely and virtually separating multiple customers' computing resources from one another over a shared local area network (LAN) Ethernet infrastructure have been primarily accomplished through the use of layer 2 and VLAN technologies. Though layer 2 technologies are intended to maintain a loop-free environment (such as through the implementation of spanning-tree algorithms) and offer a flexible, stable and secure connectivity approach, they are limited by their inability to scale as the network infrastructure continues to grow over time. A single large layer 2 domain is fragile: a fault or a reconfiguration in one part of it affects every customer attached to it, and the design becomes less cost effective to support and manage as changes and problems occur. For example, adding a server to a switch and reconfiguring the switch to accommodate the new server as part of a customer's virtual private network (“VPN”) can trigger spanning-tree recalculations that impact other customers; while the topology reconverges, switches flush their learned MAC address tables and may stop forwarding on affected ports, so traffic belonging to every VLAN on those switches is flooded or delayed until the tables are relearned. It is therefore desirable to have a data center system that allows for the implementation and expansion of a customer's VPN in a manner that is secure but is not disruptive to other customers. VPNs allow multiple customers to share the same physical network infrastructure while each customer's traffic remains logically separate.
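The following is an added illustration, not code from the original document, of the VLAN switching behaviour described in the two preceding paragraphs: a minimal VLAN-aware learning switch with one MAC table per VLAN, flooding of unknown destinations within the VLAN only, and a table flush of the kind a spanning-tree topology change causes. Ports are assumed to be access ports (one VLAN each, untagged frames); port numbers, VLAN numbers and MAC addresses are constructed for the example. The last step also shows the consequence of learning from unverified source addresses: a port that sends frames with another device's source MAC captures that device's traffic.

```python
"""VLAN-aware learning switch, added as an illustration of the MAC table
behaviour described above. All ports, VLAN numbers and MAC addresses
are constructed for this example."""
from collections import namedtuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
Frame = namedtuple("Frame", "src dst")   # untagged frame: its VLAN comes from the ingress port


class VlanSwitch:
    def __init__(self, port_vlans):
        # port_vlans maps access port -> VLAN; each port belongs to exactly one VLAN (assumption).
        self.port_vlans = dict(port_vlans)
        # One MAC table per VLAN: {vlan: {mac: port}}. Entries are learned, never verified.
        self.mac_table = {vlan: {} for vlan in set(port_vlans.values())}

    def ports_in_vlan(self, vlan):
        return [p for p, v in self.port_vlans.items() if v == vlan]

    def receive(self, ingress_port, frame):
        """Process one frame; return the list of egress ports it is sent out of."""
        vlan = self.port_vlans[ingress_port]
        table = self.mac_table[vlan]
        # Learning: whatever source MAC arrives on this port is recorded for this VLAN.
        table[frame.src] = ingress_port
        flood = [p for p in self.ports_in_vlan(vlan) if p != ingress_port]
        if frame.dst == BROADCAST:
            return flood
        out = table.get(frame.dst)
        if out is None:
            return flood            # unknown unicast: every other port in the VLAN gets a copy
        if out == ingress_port:
            return []               # destination is behind the ingress port: filter the frame
        return [out]

    def topology_change(self):
        """Discard every learned entry, as a spanning-tree topology change causes."""
        for table in self.mac_table.values():
            table.clear()


def demo():
    # Customer A on VLAN 10 (ports 1-3), customer B on VLAN 20 (ports 4-5).
    sw = VlanSwitch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20})
    a1, a2, b1 = "aa:00:00:00:00:01", "aa:00:00:00:00:02", "bb:00:00:00:00:01"
    r = {}
    r["unknown_flood"] = sw.receive(1, Frame(a1, a2))  # a2 not yet learned -> [2, 3]
    r["reply_known"] = sw.receive(2, Frame(a2, a1))    # a1 learned on port 1 -> [1]
    r["other_vlan"] = sw.receive(4, Frame(b1, a1))     # VLAN 20 never learned a1 -> [5] only
    sw.topology_change()
    r["after_flush"] = sw.receive(2, Frame(a2, a1))    # flooded again -> [1, 3]
    sw.receive(1, Frame(a1, a2))                       # normal traffic relearns a1 on port 1
    sw.receive(3, Frame(a1, a2))                       # port 3 sends with a1's source address
    r["poisoned"] = sw.receive(2, Frame(a2, a1))       # traffic for a1 now goes to port 3
    return r


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: egress ports {ports}")
```

The `other_vlan` case is the isolation property VLANs are used for: a frame from customer B addressed to customer A's MAC is flooded only within VLAN 20 and never reaches ports 1 to 3. The `after_flush` and `poisoned` cases are the two caveats a practitioner should keep in mind: a topology change turns known-unicast forwarding back into flooding for every VLAN on the switch until entries are relearned, and the learning process itself trusts source addresses, so the switch alone does not stop one host in a VLAN from diverting another's traffic.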
In computer networking and telecommunications, the known Multi Protocol Label Switching (“MPLS”) function is a data-carrying function which emulates some properties of a circuit-switched network over a packet-switched network: packets are forwarded according to short labels attached to them rather than by looking up their network addresses at each hop. MPLS operates at an OSI layer that lies between the traditional definitions of Data link layer 2 and Network layer 3, but closer to Network layer 3 than Data link layer 2, and therefore will be considered Network layer 3 herein. MPLS networks benefit from the advantages of OSI layer 3 routing and re-routing in the event of network changes and reconfiguration. However, because of the complexities of configuration and network management, MPLS networks are typically implemented in large-scale wide area networks to provide campus-to-campus VPNs, where changes to customers' networks that would necessitate configuration changes are infrequent. The use of a purely MPLS network in a shared data center environment is expensive and inefficient, and requires a disproportionate amount of personnel because of the frequency of changes in customers' data center requirements. For example, holiday periods may necessitate that customers in the on-line retail business add servers, and then remove those servers when the holiday period is over. Such may also be the case where a web or data server experiences a failure, and a replacement server must be quickly brought on-line. It is therefore desirable to have a data center network system and method that allows the use of OSI layer 3 devices in a manner that does not require frequent configuration and re-configuration of these devices, yet provides the robust routing and VPN environment characteristic of OSI layer 3 networks.
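As an added illustration of the label-switched VPN forwarding the preceding paragraph refers to (this is example code written for this page, not the original document's or any vendor's implementation), the following walks a packet from an ingress provider edge through two core routers to an egress provider edge. The ingress PE pushes two labels: an inner VPN label that identifies the customer's routing table (VRF) at the far end, and an outer transport label that the core swaps hop by hop. The core routers never look at the IP header, which is what lets two customers with overlapping address space share the same infrastructure. Device names, label values, prefixes and the assumption that the penultimate core router pops the transport label are all constructed for this example.

```python
"""MPLS VPN forwarding walk-through, added to illustrate label push, swap
and pop and how the inner VPN label keeps customers' traffic apart even
when their address spaces overlap. Device names, labels and prefixes are
constructed for this example."""
import ipaddress


class Packet:
    def __init__(self, dst_ip):
        self.dst_ip = ipaddress.ip_address(dst_ip)
        self.labels = []        # label stack; the last element is the top of stack


class IngressPE:
    """Provider edge: per-customer VRF routing tables that push two labels."""

    def __init__(self, vrfs):
        # vrfs: {vrf_name: [(prefix, vpn_label, transport_label), ...]}
        self.vrfs = {
            name: sorted(routes, key=lambda r: r[0].prefixlen, reverse=True)
            for name, routes in vrfs.items()
        }

    def forward(self, vrf, pkt):
        for prefix, vpn_label, transport_label in self.vrfs[vrf]:   # longest prefix first
            if pkt.dst_ip in prefix:
                pkt.labels.append(vpn_label)        # inner: selects the VRF at the egress PE
                pkt.labels.append(transport_label)  # outer: label-switched path to that PE
                return pkt
        raise LookupError(f"no route to {pkt.dst_ip} in VRF {vrf}")


class LSR:
    """Core router: forwards on the top label only and never reads the IP header."""

    def __init__(self, lfib):
        self.lfib = lfib        # {incoming_label: outgoing_label, or None for penultimate-hop pop}

    def forward(self, pkt):
        top = pkt.labels.pop()
        out = self.lfib[top]
        if out is not None:
            pkt.labels.append(out)   # swap
        return pkt


class EgressPE:
    """Provider edge: maps the remaining VPN label to a customer VRF."""

    def __init__(self, vpn_labels):
        self.vpn_labels = vpn_labels    # {vpn_label: vrf_name}

    def forward(self, pkt):
        vpn_label = pkt.labels.pop()
        return self.vpn_labels[vpn_label], pkt


def demo():
    # Both customers use 10.0.0.0/24 behind the same egress PE; only the VPN label differs.
    pe1 = IngressPE({
        "custA": [(ipaddress.ip_network("10.0.0.0/24"), 1001, 16)],
        "custB": [(ipaddress.ip_network("10.0.0.0/24"), 1002, 16)],
    })
    p1 = LSR({16: 17})
    p2 = LSR({17: None})    # penultimate hop pops the transport label
    pe2 = EgressPE({1001: "custA", 1002: "custB"})

    trace = {}
    for vrf in ("custA", "custB"):
        pkt = pe1.forward(vrf, Packet("10.0.0.7"))
        pushed = list(pkt.labels)
        pkt = p2.forward(p1.forward(pkt))
        delivered_vrf, pkt = pe2.forward(pkt)
        trace[vrf] = (pushed, delivered_vrf, len(pkt.labels))
    return trace


if __name__ == "__main__":
    for vrf, (pushed, delivered, remaining) in demo().items():
        print(f"{vrf}: pushed {pushed}, delivered into {delivered}, {remaining} labels left")
```

Note that `EgressPE.forward` trusts whatever inner label it finds: the separation between `custA` and `custB` holds only as long as labeled packets enter the core from provider-edge routers alone. A real PE must therefore refuse labeled packets on its customer-facing interfaces, otherwise a customer could forge the inner label and have its traffic delivered into another customer's VRF. The example also makes the configuration cost the paragraph describes concrete: every new customer prefix needs an entry in the ingress VRF table, a VPN label allocated at the egress PE, and a transport path through the core, which is why the paragraph considers frequent changes in a data center expensive to manage on a purely MPLS design.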