A virtual private network (VPN) corresponds to an extended local network obtained by interconnecting various mutually remote local networks by way of an infrastructure generally managed by an operator. This infrastructure is a communication system which may be shared by various VPNs, while safeguarding a level of mutual security and separation of these VPNs. For this purpose, provision is made to link the various local networks, or sites, of one and the same VPN, using virtual links, or tunnels, via the shared system used. A tunnel corresponds in some sense to an encapsulation of data to be transmitted.
An MPLS (‘MultiProtocol Label Switching’) architecture is conventionally used for installing such a shared system for VPN networks. Within this architecture, which allows the transport of communications between the various sites of one and the same VPN, it is conventional to implement a routing protocol of BGP (‘Border Gateway Protocol’) type as defined by IETF document RFC 4364 (BGP/MPLS IP Virtual Private Networks). Such an IP/VPN BGP/MPLS network allows complete implementation for VPN networks.
In this type of network, an operator can manage the shared system and offer a level 3 connectivity VPN network service (that is to say, of IP (‘Internet Protocol’) type) to clients having remote sites. Thus, between the IP networks (or sites) of one and the same client, provision is made to establish virtual IP links via the operator's system. The VPN topology or topologies of each client are determined by the client and are configured by the operator on the system's BGP-type equipment. The mesh between sites in a client's VPN topology can, for example, correspond to a completely meshed network. Such is the case when each VPN site is linked by a virtual link to each of the other sites. It can also form a star network. Such is the case when each site is linked to a central site by a virtual IP link.
This type of network relies on a principle of announcing routes by broadcasting information within the whole of the shared system. More precisely, according to a routing protocol of BGP type, like the MP-BGP (‘MultiProtocol BGP’) protocol, for each site of a VPN, a border router announces the routes for reaching this site to the whole of the system, that is to say to all the other border routers of the system. A border router belongs to the operator's infrastructure and is the interface to the VPN sites.
Furthermore, the implementation of the broadcasting of these route announcements relies on a particular mesh within the system, which may be either a complete mesh between all the border routers, or a complete mesh between route reflectors (RR).
These principles are readily applicable in a BGP/MPLS system of reasonable size. However, above a certain number of managed VPN sites, transmitting the route announcements within the whole of the system may overload the network globally, and may make processing unwieldy, in particular when the routing is updated. Consequently, upon changes of routes, a new convergence of the routing might take too much time and might give rise to packet losses.
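As an added illustration (not part of the original text), the following Python example models the announcement principle described above on a constructed five-router topology and counts how many announced routes are delivered to border routers that attach no site of the VPN concerned. The router names, VPN names and route counts are assumptions, as is the rule that a received route is useful only to a border router attaching a site of the same VPN.

```python
# Constructed topology (not from the page): border router -> [(vpn, routes announced)]
SITES = {
    "PE1": [("vpn-a", 3), ("vpn-b", 2)],
    "PE2": [("vpn-a", 4)],
    "PE3": [("vpn-b", 1)],
    "PE4": [("vpn-c", 5)],
    "PE5": [("vpn-c", 2), ("vpn-a", 1)],
}


def full_mesh_sessions(n_routers):
    """BGP sessions needed for a complete mesh between n border routers."""
    return n_routers * (n_routers - 1) // 2


def announce_to_all(sites):
    """Deliver every site's routes to every other border router.

    Returns {router: {"useful": n, "unused": n}}. Assumption: a received route
    is useful only if the receiver also attaches a site of the same VPN.
    """
    served = {pe: {vpn for vpn, _ in attached} for pe, attached in sites.items()}
    stats = {pe: {"useful": 0, "unused": 0} for pe in sites}
    for sender, attached in sites.items():
        for vpn, routes in attached:
            for receiver in sites:
                if receiver == sender:
                    continue  # a router does not announce to itself
                kind = "useful" if vpn in served[receiver] else "unused"
                stats[receiver][kind] += routes
    return stats


def totals(stats):
    """Sum useful and unused route deliveries over all border routers."""
    useful = sum(s["useful"] for s in stats.values())
    unused = sum(s["unused"] for s in stats.values())
    return useful, unused


if __name__ == "__main__":
    stats = announce_to_all(SITES)
    print("full-mesh sessions:", full_mesh_sessions(len(SITES)))
    for pe, s in stats.items():
        print(pe, s)
    print("useful, unused:", totals(stats))
```

In this constructed case most deliveries go to border routers that have no site in the announcing VPN, and every route change repeats that fan-out, which is the overload the preceding paragraph describes.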