A computer network is a collection of interconnected computing devices that exchange data and share resources. In a packet-based network, such as the Internet, the computing devices communicate data by dividing the data into small blocks called packets. The packets are individually routed across the network from a source device to a destination device. The destination device extracts the data from the packets and assembles the data into its original form. Dividing the data into packets enables the source device to resend only those individual packets that may be lost during transmission.
A private network may include a number of devices, such as computers, owned or administered by a single enterprise. These devices may be grouped into a number of site networks, which in turn may be geographically distributed over a wide area. Each site network may include one or more local area networks (LANs). With the advent of Virtual Private Network (VPN) technology, enterprises can now securely share data between site networks over a public network, such as the Internet. In a typically implementation, one or more “network tunnels” are engineered through the intermediate network to transport data and other network communications between the geographically distributed sites.
One form of a VPN is generally referred to as “MPLS VPN” in which Multi-Protocol Label Switching (MPLS) tunnels are used as a transport mechanism. MPLS is a mechanism used to engineer traffic patterns within Internet Protocol (IP) networks. By utilizing MPLS, a source device can request a path through a network to a destination device, i.e., a Label Switched Path (LSP), to carry MPLS packets from the source device to a destination device. Each router along an LSP allocates a label and propagates the label to the closest upstream router along the path for use in forwarding MPLS packets along the path. Routers along the path cooperatively perform MPLS operations to forward the MPLS packets along the established path.
An MPLS VPN combines the tunneling processes of MPLS with virtual routing and forwarding (VRF) and features of border gateway protocol (BGP) to create a VPN. When a VPN is established within a network, devices for the VPN each include VPN-specific VRF tables. Greater details regarding VPNs, specifically VPNs implemented using BGP and MPLS are discussed in E. Rosen and Y. Rekhter, “BGP/MPLS IP Virtual Private Networks (VPNs),” RFC 4364, February 2006, available at http://tools.ietf.org/html/rfc4364, and L. Andersson and T. Madsen, “Provider Provisioned Virtual Private Network (VPN) Terminology,” RFC 4026, March 2005, available at http://tools.ietf.org/html/rfc4026, the entire contents of each of which are incorporated by reference in their respective entireties.
Other forms of tunneling may be used instead of or in conjunction with MPLS. For example, another commonly used tunneling protocol is the Generic Routing Encapsulation (GRE) protocol which is typically used to encapsulate packets within Internet Protocol (IP) tunnels, thereby creating a virtual point-to-point link between devices, such as routers.
Routers involved in VPN-communications for an enterprise (e.g., provider edge (PE) routers or routers at the edge of a service provider network) maintain distinct virtual routing and forwarding VRF tables for each customer VPN, thereby providing a degree of logical isolation of routing and forwarding information for each different VPN. This technique works well when tunneling between devices with that are logically associated with the same routing and forwarding instance within a give router, such as when tunneling between two PE routers of the intermediate network or between a PE router of a service provider network and a local customer edge (CE) router coupled to that network. However, logical isolation of VRFs within a router may present significant challenges for the router when attempting to establish a tunnel with another router associated with specific instance of the VRF, such as a CE router of a customer VPN provided by a remote service provider network.