With the growing popularity of the Internet and networks in general, there is a trend towards centralized network services and centralized network service providers. To be profitable, however, network service providers need to constantly maintain and, if possible, enlarge their customer base and their profits. Since leased line services are coming under increased competition, profit margins have been decreasing for these providers. Thus, an increasing number of providers are trying to attract small and medium-sized businesses by providing centralized network management.
Network providers are offering Virtual Private Networks (VPNs) to interconnect various customer sites that are geographically dispersed. VPNs are of great interest to both providers and their customers because they offer privacy and cost efficiency through network infrastructure sharing. There has been difficulty providing this service, however, due to address conflicts, security problems, scalability issues and performance problems. Historically independent network development has resulted in conflicting and overlapping address space between the individual networks and the management networks.
Various VPN models have been proposed with various degrees of security, privacy, scalability, ease of deployment and manageability. For example, some providers have attempted to solve the problems by using encapsulating techniques, such as internet protocol (IP) tunneling, to separate network traffic from unrelated networks. Currently, IP tunnels are point-to-point links established between routers which are statically configured by a network operator. This method, however, suffers from many of the same problems discussed above. Inter-network security cannot be guaranteed in IP tunneling because it relies upon customer premises equipment being correctly configured. Further, performance can be a problem since routing disturbances caused by one customer may affect the routing performance of another customer's network.
Accordingly, there exists the need for a system which allows the implementation of separate virtual private networks over common infrastructure while providing security and sufficient performance to each network.
The need also exists for such a device which automatically configures the virtual private networks.
The need further exists for such a system which allows for communicating private traffic through a shared network.
It is accordingly an object of the present invention to provide a system which allows the implementation of separate virtual private networks over common infrastructure while providing security and sufficient performance to each network.
It is another object of the invention to provide such a system which employs Multi-Protocol Label Switching.
It is another object of the invention to provide such a system which automatically configures the virtual private networks.
It is another object of the invention to provide such a system which allows for communication of private traffic through a shared network.
It is another object of the present invention to provide such a system which allows the Virtual Private Network to appear as local area network-like broadcast media.
These and other objects of the invention will become apparent to those skilled in the art from the following description thereof.