1. Field of the Invention
The present invention relates to communication networks and, more particularly, to a method and apparatus for exchanging routing information between virtual private network sites.
2. Description of the Related Art
Data communication networks may include various computers, servers, nodes, routers, switches, hubs, proxies, and other devices coupled to and configured to pass data to one another. These devices will be referred to herein as “network devices.” Data is communicated through the data communication network by passing data packets (or data cells or segments) between the network devices by utilizing one or more communication links. A particular data packet may be handled by multiple network devices and cross multiple communication links as it travels between its source and its destination over the network.
The various network devices on the communication network communicate with each other using predefined sets of rules, referred to herein as protocols. Different protocols are used to govern different aspects of the communication, such as how signals should be formed for transmission between network devices, various aspects of what the data packets should look like, and how packets should be handled or routed through the network by the network devices.
A Virtual Private Network (VPN) may be formed by securing communications between two or more networks or network devices to form a VPN tunnel, such as by encrypting or encapsulating transmissions between the networks or network devices. Using VPN tunnels over a public network such as the Internet enables information to be exchanged securely between geographically dispersed sites without obtaining dedicated resources through the public network.
To enable devices on one VPN site to communicate with devices on another VPN site via the VPN tunnel, it is necessary to exchange routing information between the two VPN sites. Likewise, as network devices are added and removed from the networks, or as problems are encountered and fixed in the networks, the routing tables need to be updated and advertised to the other participating sites in the VPN.
There are currently two commonly utilized methods of establishing VPN tunnels on a network. The first model is described in Internet Engineering Task Force (IETF) Request For Comments (RFC) 2547, the content of which is hereby incorporated herein by reference. RFC 2547 describes a VPN architecture in which MultiProtocol Label Switching (MPLS)-based tunnels are used to forward packets over the network backbone. An instance of Border Gateway Protocol (BGP) is used to distribute routes over the backbone for all VPNs provisioned through a particular Provider Edge network device (PE). Routing information for each VPN serviced by a PE is stored in a separate VPN routing and forwarding table (VRF) or a distinguishable area of the PE's common VRF. VPNs established utilizing the 2547 VPN model will be referred to herein as “VRF-based VPNs.”
A second model for establishing VPN tunnels through a network is based on the concept of a Virtual Router (VR). A virtual router is a software construct in a physical router that has all the attributes of a physical router, but which shares processor time, switch plane resources, and other physical resources of the physical router. Because the virtual router is logically separate from other virtual routers, it has its own routing space, its own policy information, and is able to be provisioned much the same as any other router on the network. Virtual router based VPNs (VR-based VPNs) are described, for example, in an IETF Internet-Draft by Paul Knight, et al., entitled “Network-based IP VPN Architecture using Virtual Routers,” July 2002, the content of which is hereby incorporated herein by reference.
Both VR-based VPNs and VRF-based VPNs have been widely deployed on existing communications networks. Unfortunately, despite this wide-spread deployment, the two models are unable to be easily interconnected due to differences in the way in which they are constructed, the type of routing information utilized by the different models, and the manner in which routing information is distributed in the different models. To enable customers and service providers to deploy the VPN model best suited to the particular circumstances based on customer needs and network resources, and to allow customers to migrate between the two models, it would be advantageous to be able to interconnect VPNs regardless of what VPN model is implemented at a particular VPN site.