This invention relates to virtual private networks (VPNs) and, more particularly, to the provision of temporary access for predetermined applications across VPNs.
Consider a network operated by a Provider (or a cooperating set of Providers) that includes routers, and Provider Edge (PE) routers through which the provider connects to customer sites. More particularly, customers connect to PEs through Customer Edge (CE) devices, where a CE device can be a host, a switch, or a router to which numerous customer systems (for example, PCs) can be connected. Consider further that any number of subsets can be created from the set of sites, and the following rule is established: two sites may have IP interconnectivity through the network only if both of the two sites belong to some given one of those subsets. Each of the subsets thus created forms a virtual private network (VPN), which is defined, effectively, by the fact that only members that belong to a common VPN can communicate with each other.
One known arrangement that accommodates VPNs is the MPLS (multi-protocol label switching) network. A description of the network is found in E. Rosen and Y. Rekhter, titled “BGP/MPLS VPNs,” Internet Engineering Task Force (IETF), RFC2547, March 1999, http://www.faqs.org/rfcs/rfc2547.html, which is incorporated herein by reference.
It is precisely the defining attribute of VPNs—that of not allowing two systems to intercommunicate unless they both belong to some common VPN—that presents a problem for some applications, where it is desirable to allow systems to communicate without regard to VPNs. One such application, illustratively, is voice over IP (VoIP), where, much like in the PSTN environment, it is desirable to allow any system A to communicate with any other system B, even if system B does not belong to any VPN to which system A belongs.
The conventional solution to this problem is to send packets to a PSTN gateway, “hop-off” to the PSTN, and re-enter the network at a gateway with which the destination site is willing to communicate. This assumes, of course that the VPNs are willing to accept packets from the PSTN. Another solution is to use special crossover routers, but that represents an expense.