1. Field of the Invention
The invention relates to datacommunications. More particularly, the invention relates to methods and apparatus for tunneling different types of data packets over different types of networks.
2. State of the Art
Tunneling is a process whereby a data packet is encapsulated in another packet before traversing a network. There are two primary uses for tunneling. One use is to transport one type of packet over a network designed for another type of packet, e.g. Ethernet over ATM. Another application for tunneling is referred to as Virtual Private Networking, a process whereby a secure encrypted (or non-secure) connection is created across a public network through the use of tunneling.
Currently there are a wide variety of tunneling protocols. Some are platform and/or network dependent. Among the most popular protocols are: IP (Internet Protocol) over IP, IP over MPLS (multiprotocol label switching), Ethernet over MPLS, and L2TP (layer two tunneling protocol).
A Virtual Private Network (VPN) consists of two or more nodes connected by “virtual links”, i.e. tunnels, through a public network such as the Internet. From the point of view of the nodes, the tunnel operates as a point to point link and the tunneling protocol operates as a link layer protocol.
By definition, a tunnel exists between two nodes. One node is referred to as the entry node and the other is referred to as the exit node. A tunnel is unidirectional. Bi-directional tunneling is achieved by pairing two tunnels. These are referred to as the “direct tunnel” and the “reverse tunnel”. The two tunnels may traverse different nodes in the network or the tunnels may be symmetrical, i.e. traverse the same nodes in both directions.
Generally speaking, the tunneling process involves the processing of headers attached to data packets. For example, at the entry node one or more tunnel headers are pre-pended to the data packet. As the packet traverses the tunnel, intermediate nodes in the tunnel process the packet according to the tunneling protocol. For example, in IP over IP tunneling, intermediate nodes perform IP header processing and IP packet forwarding. In an MPLS tunnel, intermediate nodes perform MPLS label processing and MPLS packet forwarding. At the exit node, destination node processing is performed. For example, in an IP over IP tunnel, the exit node reassembles IP packet fragments and processes the reassembled packets according to their original (inner) headers. The processing of headers or other packet information is performed with the aid of a database. The header information is used as a key to lookup a matching entry in the database to yield an output port. The following is a more detailed explanation of how IP, MPLS, and L2TP tunneling operate.
IP over IP Tunneling
Each node in an IP tunnel maintains a “Forwarding Information Base” (FIB) which contains a plurality of entries. Each entry includes an IP address of a host or an IP prefix of one or more networks as well as information about the “Next Hop Routers” through which the destination host or network can be reached. (As used herein, the term router is meant to include switches as well as routers.) The Next Hop information consists of an IP address of the Next Hop router, the IP interface on which the Next Hop Router is reachable, and possibly more information such as a Layer 2 address. The FIB entries are typically built based on routing information disseminated dynamically by IP Routing Protocols. However, entries can also be built based on information statically configured into the router. Some routers may have multiple FIB.
IP packet forwarding is performed hop by hop. Each router in the tunnel uses the FIB information to find the best possible Next Hop router to forward an IP packet on its way to the final destination. The identity of the best possible Next Hop Router for forwarding an IP packet is determined by comparing the packet's destination IP address with the IP addresses and prefixes in the FIB. The FIB entry having the IP address or prefix which matches or most closely matches the destination IP address of the packet identifies the best possible Next Hop router. This comparison is referred to as the Longest Prefix Match. The Longest Prefix Match yields an output “IP interface” which is used to forward the packet.
The “IP interface” (IF) is an abstraction of the IP functions on a physical or logical port of a router or switch. It leads to the identification of the egress port through the binding relation with the Layer 2 interface and performs the needed IP functions to pass the packet through the port. The IF is usually configured by the router operator with information which is relevant to the IP protocol processing performed by the router.
Each router used in IP over IP tunneling also maintains an “IP Tunnel Interface” (TIF) for each tunnel serviced by the router. The TIF is an abstraction of IP over IP tunnel functions on a physical or logical port of a router. It identifies the entry and exit nodes for the tunnel. Usually, it is configured by the router operator.
Tunnels may be static or dynamic. A static tunnel uses the same set of routers and takes the same route through the network all the time. A dynamic tunnel can take different routes through the network based on network conditions or tunnel programming. Most IP tunnels are dynamic and use the best route available based on network congestion or time of day.
When a packet reaches its final destination, the exit node router strips the tunnel header(s) from the packet. The remaining inner header is an IP header, and therefore, the packet is passed to an IP processing engine which performs an IP lookup on the inner IP header, i.e. the IP destination address. This lookup may yield an outgoing interface, if the packet is to be forwarded, or may indicate local consumption, if the router itself is the final destination. The router itself may be the final destination when the packet contains command/control information.
MPLS Tunneling
The key concept in MPLS tunneling is identifying and marking packets with labels and forwarding them to a router which then uses the labels to forward the packets through the network. The labels are created and assigned to packets by a Label Distribution Protocol (LDP) based upon the information gathered from existing routing protocols or some other method.
An MPLS tunnel includes a plurality of interconnected Label Switch Routers (LSRs). At least some of the LSRs are coupled to Label Edge Routers (LERs). An MPLS tunnel is also referred to as a Label Switched Path (LSP) from an input LER through LSRs to an output LER. When a packet arrives at an LER, the LER extracts the datagram (the data portion of a packet) and the routing information from the packet and assigns a label to the datagram based on routing information. The datagram with the label is then sent to an LSR based on the label. The LSR which receives the datagram forwards it on through the network based on the label.
An LSP is a set of LSRs that packets belonging to a certain FEC (forwarding equivalence class) travel in order to reach their destination. Each LER in an MPLS tunnel (LSP) has an Incoming Label Map (ILM). The ILM specifies the action to take when a labeled packet is received. Each entry defines an incoming label, a label operation, and a link to a Next Hop Label Forwarding Entry (NHLFE). The ILM is built based on label distribution information disseminated by a Label Distribution Protocol (LDP) engine.
Each LER in the MPLS tunnel (LSP) has an FEC-to-NHLFE Map (FTN). The FTN specifies the action to take when an unlabeled packet is received. Each entry in the FTN defines a set of characteristics used to categorize the packet, and a link to an NHLFE. The FTN is also built based on information disseminated by a Label Distribution Protocol (LDP) engine.
An NHLFE specifies “how to” forward a packet. It defines an outgoing label, a label operation, a next hop IP address, and an output interface. It may also specify an MPLS label stack. The label stack identifies a series of labels to push on a labeled packet in the process of forwarding the packet on an LSP segment. The NHLFE is built based on label distribution information disseminated by a Label Distribution Protocol (LDP) engine.
Simple label forwarding is realized by pointing an ILM entry to an NHLFE, and applying a label swap. This is referred to as the MPLS label swapping/forwarding function. An LSP is originated by pointing an FTN entry to a NHLFE, and applying a label push. This is referred to as the LSP entry function. An LSP is terminated by not pointing an ILM entry to any NHLFE, and applying a label pop at input. Terminating the LSP does not guarantee that the packet will be consumed by the local node. The packet is forwarded using the exposed label or IP header. The collection of ILMs and related NHLFEs are collectively called the MPLS Label Information Base or LIB.
L2TP Tunneling
The L2TP (layer two tunneling protocol) is an extension to PPP (point-to-point protocol) that enables ISPs to operate Virtual Private Networks (VPNs). L2TP works with UDP (user datagram protocol) and IP drivers. L2TP uses a “tunnel list” which is analogous to an MPLS LIB. When a packet is received front a PPP link, part of the PPP header is stripped off and replaced with an L2TP header which includes tunnel and session IDs. The packet is sent to an L2TP tunnel by writing to a UDP driver with IP interface data and the end point IP address. At the end of the tunnel, data is read from a UDP port. The tunnel ID, session ID, and packet flags are extracted. The data is then formatted and written to a PPP link associated with the session. L2TP provides a “one hop” virtual PPP link which spans a multi-hop IP path.
From the foregoing it will be appreciated that the different tunneling protocols process packets in very different ways. State of the art routers which are intended to support different types of tunneling have separate processing engines for each supported tunneling protocol. Depending on the number of tunneling protocols to be implemented, the router may not be cost effective from the perspective of resources, design time and maintainability.