A Virtual Private Network (VPN) may be thought of as a private network constructed within a shared network infrastructure. In common terminology, these private networks are used by clients while the network infrastructure is supplied by providers.
Existing varieties of Layer-3 VPNs have limitations affecting ease of implementation and use generating:                customers who are not comfortable with Layer-3 VPN IP datapath due to security concerns;        customers who want to have flexibility to use Layer-2 circuits for some applications integrated into a Layer-3 VPN;        customers who want to improve their Layer-3 management but want control on the datapath;        customers who want to use Layer-2 QoS capabilities with IP-VPN service; and        customers who plan to upgrade to Layer-3 VPN in the future but are not ready to give up their existing Layer-2 networks, for example, Frame Relay networks currently generating revenue.        
In view of the foregoing, it would be desirable to provide a technique for providing switched layer-2 VPNs combined with a subset of layer-3 VPN technology which overcomes the above-described inadequacies and shortcomings.