A private network may include a number of devices, such as computers, owned or administered by a single enterprise. These devices may be grouped into a number of site networks, which in turn may be geographically distributed over a wide area. Each site network may include one or more local area networks (LANs).
Traditionally, in order to maintain the privacy of the communications between these site networks, interconnection of these site networks has been accomplished using dedicated communication lines leased from a service provider. With the advent of Virtual Private Network (VPN) technology, enterprises can now accomplish private connectivity between site networks over a public network, such as the Internet. By eliminating the need for dedicated lines between the site networks, VPNs yield substantial cost savings as compared to traditional private networks.
A VPN may be configured in a hub-and-spokes topology. In a hub-and-spokes network, one site network is the hub, while other site networks are the spokes. This configuration passes all data through the central hub site network, isolating the spoke site networks and allowing communication between devices within different spoke site networks only through the hub site network. An enterprise may desire to configure a VPN used by the enterprise in this manner in order to monitor or control communications between devices within different spoke site networks. For example, the hub site network may be the network at the headquarters of the enterprise, while the spoke site networks are typically networks at geographically distributed branch offices, sales offices, manufacturing or distribution facilities, or the like, of the enterprise. The enterprise may desire to configure the VPN in a hub-and-spokes topology in order to monitor or control, at the headquarters, communications between these distributed facilities or offices.
Generally, each site network of a VPN connects to the public network via at least one router on the public network administered by a provider of the VPN service. In some situations, multiple site networks of a single VPN may be connected to the public network via the same router. The connection of multiple site networks to the same router may make it difficult to maintain the desired packet flow in a hub-and-spokes VPN. An existing solution to this problem is to configure routers to maintain separate routing and forwarding information for each site network connected to that router. This existing solution may, however, cause a number of problems. For example, as the number of site networks connected to a single router increases, the demands that maintaining separate routing and forwarding information for each connected site network places on the processing and memory resources of that router will increase proportionally. This increased demand might ultimately affect the performance of that router, decreasing the performance of the VPN as a whole in a way that is apparent to the enterprise.
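The failure mode and the per-site workaround described above, as an added sketch that is not part of the original text. It is a simplified model with constructed prefixes and hypothetical site names, and it assumes that a router keeping one shared table for its attached sites forwards directly between them.

```python
import ipaddress

# Constructed sample topology: prefixes and site names are illustrative only.
SITES = {"hub": "10.0.0.0/16", "spoke1": "10.1.0.0/16", "spoke2": "10.2.0.0/16"}
LOCAL_SPOKES = ["spoke1", "spoke2"]  # both attached to the same provider router


def shared_table():
    """One table for every attached site: all site prefixes are directly reachable."""
    table = {ipaddress.ip_network(p): s for s, p in SITES.items()}
    return {spoke: table for spoke in LOCAL_SPOKES}


def per_site_tables():
    """Separate table per attached spoke: its own prefix plus a default via the hub."""
    return {
        spoke: {
            ipaddress.ip_network(SITES[spoke]): spoke,
            ipaddress.ip_network("0.0.0.0/0"): "hub",
        }
        for spoke in LOCAL_SPOKES
    }


def next_site(tables, ingress_site, dst):
    """Longest-prefix match in the table used for packets arriving from ingress_site."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in tables[ingress_site] if addr in net]
    if not matches:
        return None  # no route: the packet is dropped
    return tables[ingress_site][max(matches, key=lambda net: net.prefixlen)]


def bypasses_hub(tables):
    """Spoke pairs whose traffic is delivered locally without visiting the hub."""
    leaks = []
    for src in LOCAL_SPOKES:
        for dst in LOCAL_SPOKES:
            host = str(ipaddress.ip_network(SITES[dst])[1])  # first host in dst site
            if src != dst and next_site(tables, src, host) == dst:
                leaks.append((src, dst))
    return leaks


def route_entries(tables):
    """Entries the router must hold, counting each distinct table object once."""
    return sum(len(t) for t in {id(t): t for t in tables.values()}.values())


if __name__ == "__main__":
    for name, build in (("shared", shared_table), ("per-site", per_site_tables)):
        t = build()
        print(name, "bypass:", bypasses_hub(t), "entries:", route_entries(t))
```

Adding more spokes to `LOCAL_SPOKES` shows the per-site entry count growing with each attached site, which is the resource cost the passage attributes to the existing solution.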