Virtual private networks, or VPNs, are becoming increasingly popular as a cost-effective means for conducting voice and data communications between, for example, corporate data centers, remote offices, mobile employees, customers, suppliers, and business partners. In general, a VPN is a private network configured within a public network, such as a service provider's network or the Internet. The VPN of a given customer appears privately dedicated to that customer, when in actuality the customer's VPN shares the same physical backbone with the VPNs of many other customers.
Increasingly, service providers are using MPLS (Multi-protocol Label Switching) tunneling to implement VPNs across their packet-switched networks. Two major types of IP/MPLS-based VPNs have arisen: (1) layer-3 VPN services, referred to as L3VPNs; and (2) layer-2 VPN services, referred to as L2VPNs. A standard for L3VPNs is described in Internet Engineering Task Force (“IETF”) Request for Comments (“RFC”) 4364, titled “BGP/MPLS IP Virtual Private Networks (VPNs)”, the entirety of which is hereby incorporated by reference herein. Implementations of L2VPNs are described in RFC 4761, titled “Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling”, in RFC 4762, titled “Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling”, and in IETF draft-ietf-12vpn-signaling-08.txt, titled “Provisioning, Autodiscovery, and Signaling in L2VPNs”, the entireties of which are hereby incorporated by reference herein.
Implementing a MPLS-based VPN generally requires the distribution of certain routing information between provide edge (PE) routers of the service provider's network. A commonly used inter-domain routing protocol for exchanging such routing information is the Border Gateway Protocol, or BGP. For example, using BGP messages, PE routers exchange VPN routes (layer-3) with customer edge (CE) routers and with other PE routers in the service provider network. For layer-2 VPNs, PE routers use BGP update messages to exchange VPLS (Virtual Private LAN Service) membership and demultiplexor information with other PE routers in the same VPLS.
With the advent of connection-oriented forwarding technologies such as Provider Backbone Transport (PBT) and Provider Backbone Bridge (PBB), native Ethernet is rapidly emerging as a viable packet-switched network technology. Consequently, Ethernet is becoming more widely used, particularly in metro-area networks and wide-area networks. With PBT, service providers are able to establish point-to-point and point-to-multipoint Ethernet tunnels and to specify paths that service traffic will take through their Ethernet networks. With PBB, service providers are able to separate a communications network into customer domains and service provider domains. The separation is achieved by encapsulating the customer packets within a backbone (i.e., service provider) MAC (Media Access Control) header. Network devices in the service provider domain forward packets based on the service provider MAC header while the customer header remains invisible except at the edge of the service provider domain. Having such capabilities, service providers are desirous of supporting layer-2 and layer-3 BGP-VPN applications over their Ethernet networks. Notwithstanding, to support such BGP-VPN applications, control plane mechanisms are needed by which PE routers may control what routing information to accept and distribute.