The present invention relates to data networking and more particularly to virtual private networks.
Virtual private network technology is a popular and effective way of interconnecting geographically dispersed nodes belonging to a private network operator such as an enterprise via a service provider network that is shared with other data services such as other virtual private networks or public data services. The enterprise achieves the connectivity of a private network without having to own and operate its own network infrastructure over a wide geographic region.
A particular type of network is known as a layer 2 virtual private network (L2VPN). Layer 2 frames such as, e.g., Ethernet frames, PPP frames, etc., are carried across the service provider network via tunnels. The service provider network may be, e.g., a packet switched network that uses IP or MPLS or a combination of both, and the tunnels can be IP or MPLS tunnels. The layer 2 virtual private network can allow remote nodes to connect to one another as if they were connected to a shared physical medium even though their connection is in fact across the service provider network cloud. For example, a virtual private LAN may be configured across the service provider network.
Consider the structure of a layer 2 virtual private network. The layer 2 virtual private network interconnects remote customer networks via the service provider network. The service provider network is a packet-switched network. On the provider side of the border between the provider network and the customer network there are one or more provider edge routers. On the customer side of the border there are one or more customer edge routers.
An “attachment circuit” is a single 2-way physical or virtual link between a provider edge router and a customer edge router. For example, an attachment circuit may be, e.g., an RS-232 serial line, a point-to-point Ethernet connection, an ATM virtual circuit, etc.
A “pseudowire” is an emulated 2-way circuit across the provider network. A pseudowire may be implemented as a pair of VC LSPs (Virtual Circuit Label Switched Paths), one in each direction in an MPLS network. Multiple pseudowires may share the same tunnel LSP.
One application that may be provided across such a network is a simple cross-connection between attachment circuits via a pseudowire. This is sometimes referred to as a virtual private wire service (VPWS). Traffic received from an attachment circuit on a provider edge router is forwarded to a remote provider edge router via the pseudowire. When the remote provider edge router receives traffic from the pseudowire, it selects the correct receiving attachment circuit based on an encapsulation demultiplexing identifier (e.g., an MPLS label) assigned to traffic for that pseudowire.
In a variant of the just-described VPWS implementation, multiple attachment circuits are aggregated into what is referred to as a “colored pool”. For example, a colored pool might contain all of the attachment circuits between a given provider edge router and a given customer edge router. A pseudowire may connect two colored pools on remote provider edge routers by connecting two arbitrary attachment circuits belonging to the two pools.
Another application that may be provided is a virtual private LAN service (VPLS). To implement a VPLS, each participating provider edge router is fitted with a virtual switching instance (VSI). A VSI operates as a type of virtual LAN switch between one or more attachment circuits and one or more pseudowires. When a frame arrives at a VSI via an attachment circuit or pseudowire, a layer 2 address of the frame is used to pick an output attachment circuit or pseudowire. A virtual private LAN can be constructed as a mesh of pseudowires between VSIs on participating provider edge routers.
Generically, a single VSI used to implement VPLS, or a colored pool or single attachment circuit used to implement VPWS, may be referred to as a “forwarding instance” or “forwarder.” Currently, a forwarder (colored pool or single attachment circuit) associated with a VPWS can only connect to another forwarder associated with a VPWS and a forwarder (VSI) associated with a VPLS can only connect with another forwarder (VSI) associated with a VPLS. It would be desirable to provide connections between heterogeneous layer 2 VPN applications, e.g., between a VPLS forwarder and a VPWS forwarder.
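The following toy model, added here and not part of the patent text, illustrates the two forwarder types described above behind one provider edge router: a VPWS cross-connect that relays frames between a single attachment circuit and a pseudowire regardless of address, and a VPLS virtual switching instance that learns layer 2 source addresses and floods unknown destinations. Port names and pseudowire labels are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    dst: str  # layer 2 destination address
    src: str  # layer 2 source address

@dataclass(frozen=True)
class Port:
    """An attachment circuit or a pseudowire attached to a forwarder."""
    name: str

class VpwsForwarder:
    """Single attachment circuit cross-connected to one pseudowire."""
    def __init__(self, ac: Port, pw: Port):
        self.ac, self.pw = ac, pw
    def forward(self, frame: Frame, ingress: Port) -> list[Port]:
        # Address-independent: whatever arrives on one side leaves the other.
        return [self.pw if ingress == self.ac else self.ac]

class VplsForwarder:
    """Virtual switching instance: learns source addresses, floods unknown."""
    def __init__(self, ports: list[Port]):
        self.ports = ports
        self.mac_table: dict[str, Port] = {}
    def forward(self, frame: Frame, ingress: Port) -> list[Port]:
        self.mac_table[frame.src] = ingress             # learn ingress port
        out = self.mac_table.get(frame.dst)
        if out is not None and out != ingress:
            return [out]                                 # known destination
        return [p for p in self.ports if p != ingress]   # flood unknown

class ProviderEdge:
    """Demultiplexes pseudowire traffic by label to the owning forwarder."""
    def __init__(self):
        self.by_label: dict[int, tuple[Port, object]] = {}  # constructed labels
        self.by_ac: dict[Port, object] = {}
    def bind_pseudowire(self, label: int, pw: Port, fwd) -> None:
        self.by_label[label] = (pw, fwd)
    def bind_attachment_circuit(self, ac: Port, fwd) -> None:
        self.by_ac[ac] = fwd
    def from_pseudowire(self, label: int, frame: Frame) -> list[str]:
        pw, fwd = self.by_label[label]
        return [p.name for p in fwd.forward(frame, pw)]
    def from_attachment_circuit(self, ac: Port, frame: Frame) -> list[str]:
        return [p.name for p in self.by_ac[ac].forward(frame, ac)]
```

Both forwarder classes expose the same forward(frame, ingress) interface, which is the generic "forwarding instance" abstraction the text refers to.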
A difficulty arises in signaling the connection of such disparate forwarders via a pseudowire. One approach to signaling interconnections between forwarders is described in Martini, et al., “Transport of Layer 2 Frames Over MPLS,” IETF Internet Draft, November 2002, the contents of which are herein incorporated by reference for all purposes in their entirety. A virtual circuit identifier is used to identify a pseudowire. When forwarders wish to connect, they must be preconfigured with the same virtual circuit identifier so that they can refer to it when signaling the connection. Auto-discovery of remote forwarders does not avoid the need for a priori knowledge of the virtual circuit identifiers. Also, every time a remote forwarder must be shifted to a different provider edge router due to system maintenance needs, both the remote forwarder and a local forwarder have to be reconfigured.
Another method of signaling interconnections between forwarders is described in Rosen, et al., “LDP-Based Signaling for L2VPNs,” IETF Internet Draft, September 2002, the contents of which are herein incorporated by reference for all purposes in their entirety. Each forwarder is assigned an “attachment identifier” that is unique on a particular provider edge router. The combination of the provider edge router's address and the attachment identifier provides a globally unique identifier for the forwarder. However, the signaling procedures do not use the globally unique form of the identifier but instead use various components of the globally unique identifier and the components that are used change depending on which application is being supported and, for VPWS, whether the connection is to be between colored pools. It is therefore difficult to interconnect forwarders corresponding to disparate layer 2 virtual private network applications because the signaling mechanism lacks a generalized application-independent method for uniquely specifying a forwarder. A further obstacle to interconnection is that different VPN applications are assigned different multiprotocol BGP subsequent address family identifiers, making auto-discovery of disparate types of forwarders impossible.
Systems and methods for interconnecting forwarders belonging to heterogeneous layer 2 virtual private network applications are needed.