Virtual Private Networks (VPNs) have gained increasing popularity by allowing institutional entities, such as corporations and universities, to maintain geographically distinct sites, or sets of users, as part of a homogeneous network. Accordingly, computer networks employed in such an arrangement include various configurations of the Internet, Service Provider (SP) networks, private networks, and Local Area Networks (LANs). A network such as an SP network may include peripherally located Provider Edge (PE) routers, each of which couples to one or multiple Customer Edge (CE) routers. The PE routers are used to maintain routing and forwarding context for each customer. The CE routers may couple to private LANs, or VPN subnetworks, associated with one or more customers. The PE routers learn local customer routes from the CE routers and distribute remote customer routes to the CE router. The PEs typically use the Border Gateway Protocol (BGP) to distribute customer routes to each other. To support routing operations, the PE routers maintain Virtual Routing and Forwarding (VRF) information in a table (a VRF table) dictating how to route and forward traffic through the shared physical network, also known as a core network, to support corresponding Virtual Private Networks (VPNs) for the different customers. Typically, the SP network selectively couples the LANs to each other through links created between its PE routers. For the core network, an ingress PE uses BGP functions to determine the egress PE. The ingress PE puts the packet in a two-level Multi Protocol Label Switching (MPLS) stack. The top label is used to tunnel packets to the egress PE to accomplish MPLS forwarding through the core network. The bottom label is used by the egress PE to identify the outgoing route for the packet.
VPNs, therefore, provide a secured means for transmitting and receiving data between network nodes even though a corresponding physical network supporting propagation of the data is shared by many users (and VPNs). In a typical networking environment used for routing data, the environment may include a number of Customer Edge (CE) routers, a number of Provider Edge (PE) routers and a packet-switched network (PSN). The PSN encompasses one or more core networks, each having a set of PE routers, interconnecting CE routers serving particular customer subnetworks. In a conventional exchange, data, encapsulated in layer-2 frames, may be forwarded from a first CE router to a first PE router, from the first PE router across the PSN to a second PE router, and from the second PE router to a second CE router.
In a large system having multiple service providers, each service provider may provide a portion, or core network, of the PSN. Particular providers may, for example, provide a portion of the overall (end-to-end) network, which may be one (or all) of the access network, core network (i.e. 1 or more autonomous systems), or an intermediate network between the end points (i.e.: a transit network). Therefore, a conventional VPN transmission may traverse many core networks, each operating as an autonomous system (AS) and having a set of ingress and egress PE routers. Accordingly, switching operations tend to become numerous and complex. A Pseudowire (PW) may be utilized to transfer data across the PSN. A Pseudowire is a mechanism that emulates attributes of a native service such as Asynchronous Transfer Mode (ATM), Frame Relay (FR), Point-to-Point Protocol (PPP), High Level Data Link Control (HDLC), Synchronous Optical Network (SONET) Frames or IEEE Ethernet over a PSN. The functions provided by the PW include encapsulating Protocol Data Units (PDUs) arriving at an ingress port, carrying them across a path or tunnel, managing their timing and order, and any other operations required to emulate the behavior and characteristics of the particular service. In a particular embodiment, PWs are used to carry ingress layer-2 traffic from an ingress PE router to an egress PE router, and then forward the layer-2 traffic out of an egress port of the egress PE router.
In conventional, or single hop pseudowire arrangements, a PDU (e.g., a frame) traverses the networking environment beginning at a first CE router and ending up at a second CE router. The first CE router sends a layer-2 PDU to an ingress PE router. The ingress PE router receives the PDU and encapsulates the PDU with MPLS labels which are used to identify the individual port/circuit and the egress layer-3 PE router. The encapsulated PDU is then forwarded on the PW, across the packet-switched network, to an egress layer-3 PE router. The egress layer-3 PE router removes the MPLS label that identifies the port/circuit that was added by the ingress PE router and forwards the layer 2 PDU to the second CE router. Therefore, the pseudowire transmission travels from a CE router to an ingress PE router denoting an endpoint of the single hop pseudowire. The ingress PE sends the packet, via the pseudowire, to an egress PE at a remote end of the pseudowire, across the core. The ingress PE terminates the pseudowire and forwards the packet to a CE router corresponding to the recipient.