A computer network is a collection of interconnected computing devices that exchange data and share resources. In a packet-based network, such as the Internet, the computing devices communicate data by dividing the data into small blocks called packets. The packets are individually routed across the network from a source device to a destination device. The destination device extracts the data from the packets and assembles the data into its original form. Dividing the data into packets enables the source device to resend only those individual packets that may be lost during transmission.
A private network may include a number of devices, such as computers, owned or administered by a single enterprise. These devices may be grouped into a number of site networks, which in turn may be geographically distributed over a wide area. Each site network may include one or more local area networks (LANs). With the advent of Virtual Private Network (VPN) technology, enterprises can now securely share data between site networks over a public network, such as the Internet. In a typically implementation, one or more “network tunnels” are engineered through the intermediate network to transport data and other network communications between the geographically distributed sites.
One form of a VPN is generally referred to as “MPLS VPN” in which Multi-Protocol Label Switching (MPLS) tunnels are used as a transport mechanism. MPLS is a mechanism used to engineer traffic patterns within Internet Protocol (IP) networks. By utilizing MPLS, a source device can request a path through a network to a destination device, i.e., a Label Switched Path (LSP), to carry MPLS packets from the source device to a destination device. Each router along an LSP allocates a label and propagates the label to the closest upstream router along the path for use in forwarding MPLS packets along the path. Routers along the path cooperatively perform MPLS operations to forward the MPLS packets along the established path.
An MPLS VPN combines the tunneling processes of MPLS with virtual routing and forwarding (VRF) and features of border gateway protocol (BGP) to create a VPN. When a VPN is established within a network, devices for the VPN each include VPN-specific VRF tables. Greater details regarding VPNs, specifically VPNs implemented using BGP and MPLS are discussed in E. Rosen and Y. Rekhter, “BGP/MPLS IP Virtual Private Networks (VPNs),” RFC 4364, February 2006, available at http://tools.ietf.org/html/rfc4364, and L. Andersson and T. Madsen, “Provider Provisioned Virtual Private Network (VPN) Terminology,” RFC 4026, March 2005, available at tools.ietf.org/html/rfc4026, the entire contents of each of which are incorporated by reference in their respective entireties.
Other forms of tunneling may be used instead of or in conjunction with MPLS. For example, another commonly used tunneling protocol is the Generic Routing Encapsulation (GRE) protocol which is typically used to encapsulate packets within Internet Protocol (IP) tunnels, thereby creating a virtual point-to-point link between devices, such as routers.
RFC 4364 describes various scenarios in which two sites of a VPN are connected to different Autonomous Systems (ASs). For example, the two sites may be connected to different service providers (SPs). In such instances, RFC 4364 recognizes that provider edge (PE) routers associated with that VPN cannot maintain interior BGP (IBGP) connections with each other. Thus, RFC 4364 describes the use of exterior BGP (EBGP) to distribute VPN-IPv4 addresses and labeled VPN-IPv4 routes.