1. Field of the Invention
The present invention relates to virtual private networks.
2. Description of the Related Art
Various transport and packet-based telecommunication services are provided to interconnect two or more customer locations. Two services provided by SBC Communications are branded as GigaMAN™ and Native LAN Plus™.
The GigaMAN™ service provides point-to-point 1.25 Gbps Ethernet service over dedicated fiber facilities. The GigaMAN™ service is a local-area network (LAN)/wide-area network (WAN) extension of a customer's CPE switches. Presently, the GigaMAN™ service does not offer multi-point to multi-point service.
The Native LAN Plus™ service provides point-to-point and multi-point-to-multi-point service supporting 10/100 Mb Ethernet, 4/16 Mb Token Ring, and Fiber Distributed Data Interface (FDDI). The service is based on existing ATM infrastructure using IP over ATM and RFC 1483/2684 Bridging Mode. Being ATM-based, this service is QoS-capable. This service also has good operations and maintenance (OAM) capabilities (e.g. well-defined ATM OAM functionalities), and supports multiple LAN technologies. Presently, this service is neither scaleable (because it requires a large number of permanent virtual circuits), nor flexible (e.g. because it requires upgrades to the network to increase a customer's access speed). For example, Gigabit Ethernet speeds are not presently supported, but can be supported by upgrading from an OC3c to an OC48c up-link into the network. A transparent LAN service (TLS), also known as a virtual private LAN service (VPLS), is designed to replace and address issues in the Native LAN Plus™ service.
In metropolitan area networks (MANs), Ethernet is a promising technology to increase the capacity in a scaleable and flexible manner. Providing Internet access and transparent LAN services over Ethernet platforms has several advantages. Starting from 10 Mbps speed, Ethernet can support 100 Mbps and 1000 Mbps, and soon will reach 10 Gbps. With Ethernet, like other layer 2 services, the carrier is responsible for layer 2 connectivity and does not participate in layer 3 routing. Thus, the carrier avoids the complexities of peering at layer 3 with its customers.
The simplicity of Ethernet, compared to ATM and SONET, results in challenges to be addressed in order to provide carrier-class transparent LAN and dedicated Internet access services. In particular, any platform that is to be widely deployed in carrier networks should address network management and performance guarantees. By not guaranteeing a committed end-to-end rate, Ethernet currently is inferior to SONET and ATM in providing Quality of Service (QoS). Further, Ethernet does not have fast recovery mechanisms to redirect traffic around faults, which is disadvantageous when attempting to deploy high-premium, mission-critical services. In addition, Ethernet does not have built-in monitoring and troubleshooting capabilities. In a sense, the complexity is moved to the network management, monitoring, and capacity planning phases.
To overcome the aforementioned issues, Ethernet platforms are implementing Ethernet over Multi-Protocol Label Switching (EoMPLS). EoMPLS employs a combination of Resource Reservation Protocol with Traffic Engineering (RSVP-TE) extensions and Open Shortest Path First with Traffic Engineering (OSPF-TE) extensions, Connection Admission Control (CAC), and constraint-based routing algorithms to address the aforementioned issues.
FIG. 1 is a block diagram of an Ethernet Optical Network (EON). The metro EON comprises Ethernet switches connected by fiber links. The fiber links can be either 10 Gigabit Ethernet links or wave-division multiplexed (WDM) links. The edge of the service provider networks extends to the customer premises and terminates at switch network elements owned by the service provider.
As defined by the Internet Engineering Task Force (IETF), a VPN or a closed user group has the following network elements: (i) customer edge (CE) devices such as Multi-Tenant Units (MTUs) 20 associated with the access layer to the network; (ii) provider edge (PE) devices 22 associated with the aggregation layer of the network; and (iii) provider core (P) devices 24 associated with the core layer of the service provider network. The MTU devices 20 reside in the customer premises but are owned by the service provider. The PE devices 22 are at the edge of the service provider network and are placed in a service provider's central office locations. The PE devices 22 possess a significant feature set to support their many tasks. The core MPLS tunnels start and end at the PE switches 22. Further, an existing Frame Relay/ATM network is connected to the EON at the PE level. The P devices 24 are high-speed MPLS label swapping devices that reside in the service provider's central office locations.
Typically, a number of access/edge network elements have point-to-point (PTP) Gigabit Ethernet links, optionally with protection including diverse routing, to an aggregation network element located at a central office. The access/edge network elements connect to customer CPEs (e.g. routers) via Ethernet or Gigabit Ethernet links.
The aggregation network elements are interconnected to core network elements in a mesh with PTP fiber Gigabit Ethernet links within the central office. PTP links can be provided over a ring topology where appropriate. Also, where appropriate, WDM links can be used to interconnect the core network elements between central offices. Multiple central offices may reside in a Local Access and Transport Area (LATA). The Ethernet-based services are currently offered within a LATA.
Typically, a handoff to an Internet Service Provider (ISP) or multiple ISPs 30 occurs at the core network element. This provides access to the global Internet 32. Other core network elements can couple the network to an ATM/Frame Relay (FR) backbone 34 or an IP-VPN backbone 36. The network in combination with the backbone 36 can provide a VPN for sites 40 of a corporation C. The network in combination with the backbone 34 can provide a VPN for sites 42 of a corporation D. Sites 44 and 46 for corporations A and B are also served.
The telecommunication industry is attempting to make MPLS robust and scaleable. IETF draft documents (herein referred to as “Martini specifications”) define PTP transport using Label Distribution Protocol (LDP), and encapsulations for multiple layer 2 services such as FR and ATM. Label stacking is used to improve the scaleability of the network. A tunnel label determines the path to the remote edge, and a Virtual Circuit (VC) label designates the tunnel end point.
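The two-level label stack described above (a tunnel label that carries the packet to the remote edge, with a VC label underneath that identifies the end point) can be made concrete with a small encoder and parser. The following is an added example, not part of the patent text or of any SBC product; it assumes the standard 32-bit MPLS label stack entry layout (20-bit label, 3-bit EXP, 1-bit bottom-of-stack flag, 8-bit TTL) and uses constructed label values. It also models the division of labour the text describes: a core (P) device swaps only the top label and never inspects the VC label, while the egress PE pops the tunnel label and uses the VC label to pick the service. The parser refuses a stack whose bottom-of-stack entry is missing, which is the malformed case a forwarding element must reject rather than read past the end of the packet.

```python
import struct

RESERVED_LABEL_MAX = 15  # labels 0-15 are reserved (RFC 3032); refuse them for tunnel/VC use


def encode_label(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Encode one 32-bit MPLS label stack entry: label(20) | exp(3) | S(1) | ttl(8)."""
    if not RESERVED_LABEL_MAX < label < (1 << 20):
        raise ValueError("label must be 16..1048575")
    if not 0 <= exp < 8 or not 0 <= ttl < 256:
        raise ValueError("exp is 3 bits, ttl is 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def build_stack(tunnel_label: int, vc_label: int, ttl: int = 64) -> bytes:
    """Tunnel label on top (S=0), VC label at the bottom (S=1)."""
    return encode_label(tunnel_label, 0, False, ttl) + encode_label(vc_label, 0, True, ttl)


def parse_stack(data: bytes):
    """Return (entries, payload). Raises if no bottom-of-stack entry is found
    before the data runs out, so a truncated header is never read past."""
    entries = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "bos": bool((word >> 8) & 1),
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, data[offset:]


def p_router_swap(packet: bytes, new_tunnel_label: int) -> bytes:
    """Core (P) behaviour: swap only the top (tunnel) label and decrement its TTL.
    The VC label underneath is carried unchanged and never examined here."""
    entries, _ = parse_stack(packet)
    top = entries[0]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    new_top = encode_label(new_tunnel_label, top["exp"], top["bos"], top["ttl"] - 1)
    return new_top + packet[4:]


def pe_pop(packet: bytes):
    """Egress PE behaviour in this model: pop the tunnel label and hand back the
    VC label (which selects the customer service) together with the payload."""
    entries, payload = parse_stack(packet)
    if len(entries) < 2:
        raise ValueError("expected a tunnel label above a VC label")
    return entries[-1]["label"], payload


if __name__ == "__main__":
    pkt = build_stack(1001, 2002) + b"ethernet-frame"   # constructed labels and payload
    at_pe = p_router_swap(pkt, 3003)                    # one core hop
    print(parse_stack(at_pe)[0])
    print(pe_pop(at_pe))
```

The point of the model is what each element may touch: the P device's swap function only ever rewrites the first four bytes, so a change to the VC label can only originate at a PE, which is why per-customer isolation in this design rests on the PEs' label allocation and not on the core.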
Other IETF draft documents detail multi-point-to-multi-point extensions based on Hierarchical VPLS (HVPLS), Decoupled Transparent LAN Service (DTLS), and Logical Provider Edge (LPE). HVPLS uses LDP to signal the VPLS or TLS. However, an administrator is required to configure the membership explicitly because LDP does not have a VPN discovery function. In contrast, both DTLS and LPE define a mechanism for automatic VPN discovery in Multi-Protocol Border Gateway Protocol (MP-BGP).
In HVPLS, a single Virtual Circuit Label-Switched Path (VC-LSP) exists between the MTU edge switch and the PE switch per each closed user group. Both the MTU and the PE perform MAC learning; however, only the PE performs replication for unknown and broadcast frames. PEs are fully meshed by VC-LSPs for each closed user group. VC-LSPs in HVPLS use Martini specifications.
In DTLS, MTUs are fully meshed by VC-LSPs per each closed user group. The MTU performs both MAC learning and replication for unknown and broadcast frames. PEs are responsible for closed user group discovery and MPLS label distribution. VC-LSPs in DTLS use Martini specifications.
In LPE, a single VC-LSP exists between the MTU edge switch and the PE switch per each closed user group. The MTU performs MAC learning, and the PE does replication for unknown and broadcast frames. PEs are fully meshed by VC-LSPs for each closed user group. VC-LSPs in LPE use proprietary encapsulation to perform replication whenever necessary to optimize replication functionality.
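The three architectures above differ in which element does MAC learning and which replicates unknown and broadcast frames, but the forwarding logic of the replicating element is the same in each case. The following is an added example, not code from the patent or from any of the cited IETF drafts, of one closed user group's forwarding instance on a PE (or, in DTLS, on an MTU): it learns source MAC addresses per ingress port, forwards known unicast directly, and replicates unknown unicast and broadcast frames to the other ports. Two assumptions are labelled in the code: the split-horizon rule (a frame arriving over a mesh VC-LSP is never replicated onto another VC-LSP, which is the standard VPLS full-mesh rule but is not stated on this page), and a per-group cap on the learning table, chosen here so that a burst of new source addresses cannot evict already-learned customers. Port names and MAC addresses are constructed.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VplsBridge:
    """One forwarding instance (one closed user group) on a replicating element.
    Ports named "ac:<site>" are attachment circuits toward customer CPEs;
    ports named "pw:<peer>" are VC-LSPs toward other members of the mesh."""

    def __init__(self, name: str, max_macs: int = 4):
        self.name = name
        self.ports = set()
        self.fdb = OrderedDict()   # mac -> port, most recently used last
        self.max_macs = max_macs   # assumed per-group cap, not from the page
        self.flood_count = 0       # how often replication was needed

    def add_port(self, port: str) -> None:
        self.ports.add(port)

    def learn(self, mac: str, port: str) -> bool:
        """Record which port a source MAC was seen on. When the table is full,
        refuse new entries rather than evict existing ones, so already-learned
        addresses keep being forwarded directly instead of being flooded."""
        if mac in self.fdb:
            self.fdb.move_to_end(mac)
            self.fdb[mac] = port
            return True
        if len(self.fdb) >= self.max_macs:
            return False
        self.fdb[mac] = port
        return True

    def forward(self, in_port: str, src: str, dst: str) -> list:
        """Return the sorted list of ports a frame is sent out on."""
        self.learn(src, in_port)
        if dst != BROADCAST and dst in self.fdb:
            out = self.fdb[dst]
            return [] if out == in_port else [out]
        # Unknown unicast or broadcast: replicate to every other port ...
        self.flood_count += 1
        candidates = self.ports - {in_port}
        if in_port.startswith("pw:"):
            # ... except that a frame from one VC-LSP never goes to another
            # VC-LSP (split horizon; assumed standard full-mesh behaviour).
            candidates = {p for p in candidates if p.startswith("ac:")}
        return sorted(candidates)


def mac_flood(bridge: VplsBridge, port: str, count: int) -> int:
    """Offer `count` fresh source MACs on one port; return how many were refused."""
    refused = 0
    for i in range(count):
        if not bridge.learn("02:ff:00:00:00:%02x" % i, port):
            refused += 1
    return refused


def demo() -> dict:
    """Constructed scenario: a PE with one attachment circuit and two mesh VC-LSPs."""
    pe = VplsBridge("PE1", max_macs=4)
    for port in ("ac:siteA", "pw:PE2", "pw:PE3"):
        pe.add_port(port)
    a, b, c, d = ("02:00:00:00:00:%02x" % i for i in range(1, 5))
    results = {}
    results["unknown_from_ac"] = pe.forward("ac:siteA", a, b)   # replicated to both VC-LSPs
    results["known_reply"] = pe.forward("pw:PE2", b, a)          # a was learned: direct
    results["unknown_from_pw"] = pe.forward("pw:PE2", c, d)      # split horizon: AC only
    results["broadcast"] = pe.forward("ac:siteA", a, BROADCAST)  # replicated to VC-LSPs
    results["refused"] = mac_flood(pe, "ac:siteA", 10)
    results["fdb_size"] = len(pe.fdb)
    results["a_still_known"] = pe.fdb.get(a) == "ac:siteA"
    results["floods"] = pe.flood_count
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Reading the scenario against the text: in HVPLS only the PE would run this `forward` logic with replication, while the MTU would run `learn` but send everything up its single VC-LSP; in DTLS the MTU itself holds the full mesh of `pw:` ports and replicates. The table cap is the operational detail worth monitoring in any of them: once a group's table fills, `refused` grows and every frame to an unlearned address is replicated across the mesh, so a rising `flood_count` per closed user group is the signal an operator would want alarmed.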