In the modern telecommunications network space, the use of Virtual Private Networks (VPNs) has become increasingly popular as a means of enabling cost-effective voice and data communications between remote sites. In general, a VPN is a private data communications network overlaid on a public Internet Protocol (IP) network (e.g., the Internet) for connecting corporate data centers, remote offices, mobile employees, telecommuters, customers, suppliers, and business partners. Data transport between remote sites of the VPN is routed through channels which are set up through the public IP network using any of the Point-to-Point Protocol (PPP), Internet Protocol Security (IPSec), Layer 2 Forwarding (L2F), and Layer 2 Tunneling Protocol (L2TP) protocols to ensure reliable performance and data security. Under most of these protocols, the data channels supported for use in conveying VPN traffic are referred to as tunnels.
In general, a tunnel encapsulates IP traffic of a communications session within an outer IP header as it passes through the tunnel, and includes: an ingress node at which traffic enters the tunnel and is encapsulated by the addition of the outer IP header; an egress node, where traffic exits the tunnel and is decapsulated by the removal of the outer IP header; and intermediate nodes through which tunneled traffic passes between the ingress and egress. In a VPN environment, the ingress and egress nodes serve as endpoints of an end-to-end communications path, and may correspond to customer premises equipment and/or network-based access equipment provided by a network service provider. One commonly utilized method of establishing network VPN tunnels is described in Internet Engineering Task Force (“IETF”) Request For Comments (“RFC”) 2547, the content of which is hereby incorporated herein by reference.
The encapsulation of IP traffic enables various routing and security features, and is a defining characteristic of IP tunnels. IP tunnels are considered to be unidirectional. Bi-directional data transport between two sites on a VPN is achieved by means of two unidirectional tunnels carrying traffic in opposite directions between the two sites.
IP traffic of a communications session through a tunnel retains its original IP header, while an outer IP header is attached and detached at tunnel endpoints. In general, the intermediate nodes between the tunnel endpoints operate solely on the outer IP header, and hence the per-hop behavior (PHB) of the tunnel is determined by the contents of the Differentiated Services Code Point (DSCP) field of the outer IP header. The contents of this field are normally negotiated as part of the tunnel set-up procedure, typically by copying the DSCP field contents of the inner IP header. Once the DSCP field content of the outer IP header has been negotiated, it remains fixed for the life of the tunnel. In this manner, some Quality of Service (“QoS”) guarantees are provided by classifying traffic into various classes and employing differentiated packet dropping schemes to achieve the target packet loss. However, these DSCP mechanisms (also referred to as DiffServ mechanisms) are generally unaware of topology changes.
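The encapsulation and DSCP handling described above can be illustrated with the following added example, which is not part of the original document. It assumes plain IPv4-in-IPv4 encapsulation (IP protocol 4) rather than any of the protocols named above; the function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import socket
import struct

IPIP = 4  # IP protocol number for IPv4-in-IPv4 (assumed encapsulation)

def checksum(hdr: bytes) -> int:
    """One's-complement header checksum; 0 when run over a valid header."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, dscp, ttl=64):
    """20-byte IPv4 header; DSCP occupies the upper six bits of byte 1."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + payload_len,
                      0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def dscp_of(packet: bytes) -> int:
    return packet[1] >> 2

def ingress(inner: bytes, tun_src, tun_dst, tunnel_dscp) -> bytes:
    """Ingress node: prepend the outer header with the DSCP fixed at set-up."""
    return ipv4_header(tun_src, tun_dst, IPIP, len(inner), tunnel_dscp) + inner

def egress(outer: bytes) -> bytes:
    """Egress node: validate the outer header, then strip it."""
    if len(outer) < 20:
        raise ValueError("truncated outer header")
    ihl = (outer[0] & 0x0F) * 4
    if outer[0] >> 4 != 4 or not 20 <= ihl <= len(outer) or outer[9] != IPIP:
        raise ValueError("not an IPv4-in-IPv4 tunnel packet")
    if struct.unpack("!H", outer[2:4])[0] != len(outer) or checksum(outer[:ihl]):
        raise ValueError("outer length or checksum mismatch")
    return outer[ihl:]

def demo():
    # Constructed sample packets: UDP (17) with an 8-byte dummy payload.
    voice = ipv4_header("192.0.2.10", "198.51.100.20", 17, 8, dscp=46) + bytes(8)
    bulk = ipv4_header("192.0.2.10", "198.51.100.20", 17, 8, dscp=0) + bytes(8)
    tunnel_dscp = dscp_of(voice)  # set-up copies the inner DSCP once
    results = []
    for inner in (voice, bulk):
        outer = ingress(inner, "203.0.113.1", "203.0.113.2", tunnel_dscp)
        inner_out = egress(outer)
        results.append((dscp_of(outer), dscp_of(inner_out), inner_out == inner))
    return results  # (outer DSCP seen in transit, inner DSCP, inner intact)

if __name__ == "__main__":
    print(demo())
```

The second tuple shows a best-effort packet (inner DSCP 0) carried with outer DSCP 46: intermediate nodes classify on the value fixed at tunnel set-up, while the inner header passes through unchanged.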