RFC 2547 bis, a standard issued by Internet Engineering Task Force (IETF), defines a VPN model, where the network comprises the Service Provider's backbone (common network) and customer sites where a VPN is a set of sites. The main functionality of the VPN is to construct a private network by using the resources of a common network, and the common network guarantees the security and privacy of the private network. Since the VPN of this model is mostly implemented with the MPLS (Multiple Protocol Label Switching) and BGP (Border Gateway Protocol), therefore it is called BGP/MPLS VPN.
As shown in FIG. 1, in a BGP/MPLS VPN, customer sites access to the backbone through Customer Edge Routers (CE), and the backbone connects with CEs through Provider Edge Routers (PE). PE and CE exchange route information with each other. CE issues the route information of its own site to the connected PE, and obtains the route information of other sites in the VPN from the said PE.
The VPN Routing and Forwarding (VRF) table implements route information exchange between a PE and a CE. Every CE is associated with a logically different VRF on the PE to which the CE is connected; the PE stores route information that has been obtained from a CE in the VRF associated with the said CE, and transfers other route information in the associated VRF to the CE. Meanwhile different PEs exchange route information with each other in their VRFs: a PE transfers its VRF route information to other PEs, and stores route information from other PEs in its own VRFs.
Now refer to FIG. 1, customer A leases a VPN with two sites from the service provider: Site1 and Site2, which access the provider network through CE1 and CE2, respectively. PE1 and PE2 are access devices of the provider network for CE1 and CE2, respectively, and PE1 has assigned VRF1 to CE1 while PE2 has assigned VRF2 to CE2. During routing information exchange between PE1 and CE1, PE1 stores the routing information learned from CE1 in VRF1 while CE1 learns routing information from VRF1. Similarly, during the routing information exchange between PE2 and CE2, PE2 stores the routing information learned from CE2 in VRF2 while CE2 learns routing information from VRF2. During the routing information exchange between PE1 and PE2, PE2 stores the routing information learned from VRF1 in VRF2 while PE1 stores the routing information learned from VRF2 in VRF1. In this way, CE1 and CE2 exchange their routing information through the provider network, thereby the VPN is created.
In practice, a network may have a plurality of customers and VPNs, so it is necessary to control exchange of routing information between VRFs. As shown in FIG. 2, two customers, customer A and customer B, lease VPN A and VPN B, respectively, from the service provider, and the networking of VPN A is the same as that shown in FIG. 1. For VPN B, Site B-1 of customer B accesses VPN B through CE-B1, which accesses the provider network through PE3. PE3 has assigned VRF3 to CE-B1. In this case, since VRF3 does not belong to the VPN which VRF1 and VRF2 belongs to, VRF3 should not learn about the routing information transferred from VRF1 and VRF2. This means that during routing information exchange between PEs, a method is needed to prevent information exchange between VRFs of different VPNs.
In a BGP/MPLS VPN, a Route Target (RT) attribute is used to solve the above problem. Each VRF has one or more RT attributes, and the RT attributes are classified into two types: the import type and the export type. A VRF may define arbitrarily that an RT is of the import type or export type. When issuing the routing information on a network, a VRF appends its own export RT value to the routing information. When another PE receives the routing information, it will check whether the import RT value in one of its VRFs equals to the appended export RT value; if so, the PE will insert the routing information in the said VRF.
As shown in FIG. 3, the network of FIG. 2 has assigned for VRF1 two RT values: import 100:1 and export 100:2. The former RT shows it is of the import type with a value 100:1, and the latter RT shows it is of the export type with a value 100:2. When PE1 issues the routing information of VRF1, the export RT value 100:2 of VRF1 is appended. Upon receiving the routing information of VRF1, PE2 finds that the appended RT value 100:2 equals to the import RT value 100:2 of its own VRF2, so PE2 inserts the routing information of VRF1 in VRF2. Since there is no import RT value in VRF3 on PE3 that is equal to the export RT value of 100:2, the routing information of VRF1 will not be inserted in VRF3 on PE3. In this way, it is guaranteed that there is no routing information exchanging between VRFs of different VPNs.
It is seen from the above description that CE1 and CE2 contain each other's routing information. That is, CE1 and CE2 are connected to each other, and as each site accesses the provider network through its own CE, for the reason of simplicity, no differentiation is hereinafter made between CEs and sites.
It is seen from FIG. 3 that RT values determine the connections between CEs. All connections between CEs can be obtained if all RT values in the network are known. One important function of the network manager of the BGP/MPLS VPN is to assign RT attribute values in accordance with the configuration of VPN. With the RT attribute values, connections between CEs can be identified, i.e. it can be determined which VPN a CE belongs to.
The simplest approach for assigning RT is: when adding a site to the VPN, each connected pair of CEs is assigned with a different RT value. As shown in FIG. 4, there is a VPN with three sites, and the three CEs are connected with each other; three PEs assign VRFs with different RT attributes to the three CEs respectively. Specifically, the assigning scheme includes three parts:
1. PE1 assigns import 100:1 and export 100:2 to CE1 and PE2 assigns import 100:2 and export 100:1 to CE2 so that CE1 and CE2 have a direct connection;
2. PE1 assigns import 100:3 and export 100:4 to CE1 and PE3 assigns import 100:4 and export 100:3 to CE3 so that CE1 and CE3 have a direct connection;
3. PE2 assigns import 100:6 and export 100:5 to CE2 and PE3 assigns import 100:5 and export 100:6 to CE3 so that CE2 and CE3 have a direct connection.
However, with the above assigning approach adopted, the number of RT attribute values in a VRF will increase along with the increase number of sites. Moreover, as assigning of RT values is not properly associated with the VPN, the network manager, upon obtaining the RT values in the network, can only learn the connections between CEs, but cannot determine whether the CEs having connections with each other belongs to the same VPN. For example, in FIG. 4, the network manager can identify that there are connections between CE1 and CE2, CE2 and CE3, CE1 and CE3, but it is impossible to determine whether the three CEs: CE1, CE2 and CE3 belong to the same VPN.
To solve the problem discussed above, a CE Route Community (CERC) concept is put forward. A VPN usually consists of several CERCs. But the simplest situation is that one VPN has only one CERC. Based on the concept of CERC, two networking models are put forward for a VPN consisting of a plurality of sites: the Full Mesh model and the Hub Spoke model. In the Full Mesh model of CERC, as shown in FIG. 5, every two CEs are in connection while in the Hub Spoke model, as shown in FIG. 6, the Hub CE is in connection with all other CEs, but the Spoke CE is only in connection with the Hub CE. The CERC of Full Mesh model may be considered as a special case of the Hub Spoke model CERC, in which every CE is a Hub CE.
The network manager assigns two different RT values to each CERC: one for Hub RT and one for Spoke RT. When a new CE joins the CERC, it can be assigned an RT table according to its type, i.e. the Hub CE or the Spoke CE. For a Hub CE, the assigned RT table contains import hub RT, import spoke RT and export hub RT while for a Spoke CE, the assigned RT table contains import hub RT and export spoke RT.
FIG. 5 and FIG. 6 show a VPN with three sites. FIG. 5 shows a Full Mesh model CERC and FIG. 6 shows a Hub Spoke model CERC.
In the prior art, a network manager assigns an RT table in the order as follows: first, defines a VPN; secondly, defines a CERC in the VPN and assigns two RT values to the CERC; thirdly, makes the customer add CEs to the defined CERC by other means, then an RT table for the CEs is obtained. By dividing a VPN into CERCs and assigning RTs with the help of CERC, the VPN can be well associated with the RT. Nevertheless, there is so far no method put forward, by products or in articles, for making a reverse deduction: when the RT table assigned to a CE is known, how to determine which CERC the CE belongs to and whether the CE is a Hub CE or a Spoke CE in the CERC.