1. Field
This application relates to network elements and, more particularly, to a method and apparatus for specifying the manner in which IP termination should occur in a network element.
2. Description of the Related Art
Data communication networks may include many switches, routers, and other devices coupled to and configured to pass data to one another. These devices will be referred to herein as “network elements”. Data is communicated through the data communication network by passing protocol data units, such as frames, packets, cells, or segments, between the network elements by utilizing one or more communication links. A particular protocol data unit may be handled by multiple network elements and cross multiple communication links as it travels between its source and its destination over the network.
FIG. 1 illustrates one example of a communication network 10. As illustrated in FIG. 1, subscribers 12 access the network 10 by interfacing with one or more Provider Edge (PE) network elements 14. The provider edge network elements collect traffic from multiple subscribers and multiplex the traffic onto the network backbone, which includes multiple Provider (P) network elements 16 connected together. The subscribers 12 thus may obtain access to the network 10 to exchange data with other subscribers, to obtain access to networked resources, or otherwise to take advantage of the communication services provided by the communication network.
The network elements on the communication network, such as subscriber gateways 12, provider edge network elements 14, and provider network elements 16, communicate with each other using predefined sets of rules, referred to herein as protocols. Multiple protocols exist, and are used to define aspects of how the communication network should behave, such as how the network elements should identify each other on the network, the format that the data should take in transit, and how the information should be reconstructed once it reaches its final destination. Examples of several protocols include Asynchronous Transfer Mode (ATM), Frame Relay (FR), Ethernet, Transport Control Protocol (TCP), Internet Protocol (IP), Point-to-Point Protocol (PPP), and Multi-Protocol Label Switching (MPLS), although there are probably more than 100 other protocols as well that may be used to govern aspects of communications taking place over the network.
Since the network 10 may be shared by many subscribers 12, it is often important to secure the communications so that one subscriber's use of the network is not visible to other subscribers. One way of doing this is to form a Virtual Private Network (VPN). A VPN is formed by securing communications between two or more networks or network elements to form a VPN tunnel, such as by encrypting or encapsulating transmissions between the networks or network elements. Using VPN tunnels enables information to be exchanged securely between geographically dispersed sites over a network that is otherwise not entirely secure. VPN tunnels thus may be used to secure traffic, for example, across a public network such as the Internet. VPN tunnels may be used in many contexts, however, and securing traffic on the Internet is merely one example of a use for VPN tunnels.
As networks have increased in size and sophistication, the number of tunnels to be supported to a given VPN site has increased dramatically such that a given network element may be required to support many VPN tunnels. For example, a VPN site may wish to establish tunnels to branch offices and may wish to establish client tunnels with individuals or other networks to allow employees, suppliers, and/or subscribers to access resources on the network associated with the VPN site. In this instance, the VPN site may participate simultaneously on hundreds or thousands of branch office and client VPN tunnels.
One way to enable a network element to handle larger numbers of VPN tunnels is to provide multiple processors in the network element. A large network element may include several processors such as CPUs and Network Processing Units (NPUs), to enable it to handle the load placed on the network element by the VPN tunnels.
Depending on the particular protocol to be implemented or service to be offered on a particular VPN, it may be necessary for a network element to start one or more applications within the context of the VPN. These applications will process control and/or data packets to allow particular services to be provided on the VPN. To prevent information from being communicated between VPNs, an instance of each program is generally started for each VPN in which the service is to be provided.
In a network element having multiple processors, a given VPN will be started on one of the processors and a routing entity for that VPN will be established on the processor. Any IP packets associated with the VPN that are to be terminated at the network element will be forwarded to that processor. Accordingly, any application that needs access to IP packets on a particular VPN (IP applications) has conventionally been required to be started on the same processor as the routing entity for that VPN.
When a network element is configured to have multiple processors, it would be advantageous to allow the load from the network elements to be distributed across the processors. Unfortunately, requiring IP applications to be started by the processor hosting the routing engine inhibits distribution of workload between the processors. Accordingly, this restriction may result in an imbalanced processor workload distribution.