The invention relates generally to the field of Internet Protocol (IP) networks and more particularly, to distribution of private network information over shared network infrastructure.
With the growing popularity of the Internet and networks in general, there is a trend towards centralized network services and centralized network service providers. To be profitable, however, network service providers need to constantly maintain and, if possible, enlarge their customer base and their profits. However, leased-line services are coming under increased competition, causing profit margins to decrease for these providers. Thus, an increased number of providers are trying to attract small and medium-sized businesses by providing centralized network management.
There has been difficulty providing this service, however, due to address conflicts, security problems and performance problems. Historical independent network development has resulted in conflicting and overlapping address space between the individual networks and the management networks.
Others have attempted to solve these problems by using encapsulating techniques, such as internet protocol (IP) tunneling, to separate network traffic from unrelated networks. Currently, IP tunnels are point-to-point links established between routers which are statically configured by a network operator. This method, however, suffers from many of the same problems discussed above. Inter-network security cannot be guaranteed in IP tunneling, as it relies upon customer premise equipment being correctly configured. Further, performance can be a problem, since routing disturbances caused by one customer may affect the routing performance of another customer's network.
Accordingly there exists the need for a device which allows the implementation of separate virtual private networks over common infrastructure while providing security and sufficient performance to each network.
The need also exists for such a device which employs encapsulation techniques.
The need also exists for such a device which automatically configures the virtual private networks.
The need further exists for such a device which allows for broadcasting private traffic through a shared network.
It is accordingly an object of the present invention to provide a device which allows the implementation of separate virtual private networks over common infrastructure while providing security and sufficient performance to each network.
It is another object of the invention to provide such a device which employs encapsulation techniques.
It is another object of the invention to provide such a device which automatically configures the virtual private networks.
It is another object of the invention to provide such a device which allows for broadcasting private traffic through a shared network.
These and other objects of the invention will become apparent to those skilled in the art from the following description thereof.
It has now been discovered that these and other objects may be accomplished by the present virtual private network, which enables private communications over a shared network between at least two private networks. The present invention includes multiple routers selectively connectable to the shared network such that each of the routers is assigned at least one shared network address, at least one private network address and at least one virtual private network identifier. Each router also includes a controller which is configured to communicate a router configuration message over the shared network. The router configuration message includes the shared network address, the private network address and the virtual private network identifier.
In an embodiment, the invention may include multiple routing means, logically connected together across a shared network, for routing communications between the private networks. It also may include determining means, connected to each of the routing means, for determining all members of a particular virtual private network.
In another embodiment, the invention includes a method of automatically configuring virtual private networks over a shared network. The method may include assigning a shared network address and a virtual private network identifier to a router which is connected to the shared network. It may also include assigning another shared network address and the same virtual private network identifier to another router connected to the same shared network. It may include determining configuration information about the first router such that the configuration information includes the shared network address and the virtual private network identifier of the first router. It may also include communicating the configuration information to the second router.
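The configuration exchange and membership determination described above can be sketched as follows. This is an added example, not code from the patent; the class and function names, the integer identifiers, the sample addresses and the rule that a router ignores announcements for virtual private networks it does not belong to are all assumptions of the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class ConfigMessage:          # fields named in the summary; layout is assumed
    shared_addr: str          # router's address on the shared network
    private_net: str          # private network reachable behind that router
    vpn_id: int               # virtual private network identifier

class Router:
    def __init__(self, shared_addr, memberships):
        self.shared_addr = shared_addr
        self.memberships = dict(memberships)        # vpn_id -> private network
        # One peer table per VPN, so overlapping private space never mixes.
        self.peers = {vpn: {} for vpn in memberships}

    def config_messages(self):
        return [ConfigMessage(self.shared_addr, net, vpn)
                for vpn, net in self.memberships.items()]

    def receive(self, msg):
        # Assumption: announcements for foreign VPNs (and our own) are dropped.
        if msg.vpn_id not in self.peers or msg.shared_addr == self.shared_addr:
            return False
        self.peers[msg.vpn_id][ip_network(msg.private_net)] = msg.shared_addr
        return True

    def members(self, vpn_id):
        """Shared-network addresses of the other routers in one VPN."""
        return sorted(set(self.peers.get(vpn_id, {}).values()))

    def tunnel_endpoint(self, vpn_id, dest):
        """Shared address to encapsulate towards for a private destination."""
        for net, shared in self.peers.get(vpn_id, {}).items():
            if ip_address(dest) in net:
                return shared
        return None

def flood(routers):
    # Stand-in for communicating configuration messages over the shared network.
    for src in routers:
        for msg in src.config_messages():
            for dst in routers:
                dst.receive(msg)

def demo():
    # Constructed sample: VPN 100 and VPN 200 reuse the same private prefixes.
    a1 = Router("192.0.2.1", {100: "10.0.1.0/24"})
    a2 = Router("192.0.2.2", {100: "10.0.2.0/24"})
    b1 = Router("192.0.2.3", {200: "10.0.1.0/24"})
    b2 = Router("192.0.2.4", {200: "10.0.2.0/24"})
    flood([a1, a2, b1, b2])
    return a1, a2, b1, b2
```

Because the peer tables are keyed by identifier, the same private destination resolves to a different shared-network endpoint in each virtual private network, and a router holds no entry at all for a network it is not a member of.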
The invention will next be described in connection with certain illustrated embodiments; however, it should be clear to those skilled in the art that various modifications, additions and subtractions can be made without departing from the spirit or scope of the claims.