A computer network is a collection of interconnected computing devices that exchange data and share resources. In a packet-based network, such as the Internet, the computing devices communicate data by dividing the data into small blocks called packets. The packets are individually routed across the network from a source device to a destination device. The destination device extracts the data from the packets and assembles the data into its original form. Dividing the data into packets enables the source device to resend only those individual packets that may be lost during transmission.
Certain devices within a network, referred to as routers, maintain routing information that describes available routes through the network. Each route defines a path between two locations on the network. Upon receiving an incoming data packet, the router examines header information within the packet to identify the destination for the packet. Based on the header information, the router accesses the routing information, selects an appropriate route for the packet and forwards the packet accordingly.
Numerous types of routers exist within the Internet. Network Service Providers (NSPs), for example, maintain “edge routers” that provide Internet access to customers. These provider edge (PE) routers may also provide additional services to customers, such as supporting Virtual Private Networks (VPNs). A VPN allows an enterprise to accomplish private connectivity between site networks over a public network, such as the Internet. By eliminating the need for dedicated lines between the site networks, VPNs yield substantial cost savings as compared to traditional private networks.
In general, a VPN securely connects multiple customer networks using the public network, and ensures privacy by creating “tunnels” through the public network. More specifically, the VPN employs a tunneling protocol, such as the Internet Protocol security (IPsec) protocol, or the Layer 2 Tunneling Protocol (L2TP), to create the tunnels. The tunneling protocols typically encrypt packets using common encryption schemes, such as symmetric-key encryption, to ensure the packets are not compromised during transport over the public network.
In a typical configuration, an external peering session is established between a PE router and a customer edge (CE) router within each of the customer networks. The PE routers and CE routers advertise routing information throughout the VPN via one or more routing protocols. For example, the PE routers and CE routers may exchange routing information using internal routing protocols, such as the Internal Border Gateway Protocol (IBGP), and/or external routing protocols, such as the External Border Gateway Protocol (EBGP).
In general, external and internal routing protocols specify a variety of attributes when advertising routes to aid receiving routers in performing route resolution and other routing functions. More specifically, in accordance with many conventional routing protocols, routers within the public network update and/or replace these attributes as routing information is advertised across the public network from one customer network of the VPN to another. As one example, routers associated with different autonomous systems (AS) may replace BGP attributes and update an AS path associated with an advertised route as the routing advertisement propagates through the public network.
In the context of a VPN, however, the modification of these attributes may be undesirable, may lead to incorrect operation, and is generally inconsistent with the principle that the remote customer networks operate as if directly connected via a “virtual” network.
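The attribute changes described above, as an added example that is not part of the original text: a simplified Python model of default BGP attribute handling (RFC 4271) as a route leaves one customer site, crosses a provider AS over EBGP and IBGP, and reaches the remote site. The AS numbers, addresses, prefix, LOCAL_PREF values and function names are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...] = ()
    next_hop: Optional[str] = None
    local_pref: Optional[int] = None  # only meaningful inside one AS
    med: Optional[int] = None

def advertise_ebgp(route: Route, sender_as: int, sender_addr: str) -> Route:
    """Default handling when a route is sent to a peer in another AS."""
    return replace(
        route,
        as_path=(sender_as,) + route.as_path,  # sender prepends its own AS
        next_hop=sender_addr,                  # next hop rewritten to the sender
        local_pref=None,                       # LOCAL_PREF is not sent over EBGP
        # A MED learned from another AS is not passed on to a third AS;
        # an empty AS path means the route originated in the sender's AS.
        med=route.med if not route.as_path else None,
    )

def advertise_ibgp(route: Route) -> Route:
    """Inside one AS the path attributes are carried unchanged by default."""
    return route

def import_policy(route: Route, local_pref: int) -> Route:
    """The receiving AS assigns its own LOCAL_PREF (assumed policy)."""
    return replace(route, local_pref=local_pref)

def changed_attributes(before: Route, after: Route) -> dict:
    names = ("as_path", "next_hop", "local_pref", "med")
    return {n: (getattr(before, n), getattr(after, n))
            for n in names if getattr(before, n) != getattr(after, n)}

def propagate_across_provider() -> Tuple[Route, Route]:
    # Constructed topology: CE1 (AS 65001) -> PE1 -> PE2 (AS 64500) -> CE2
    site_a = Route("10.1.0.0/16", next_hop="10.1.0.1", local_pref=200, med=50)
    at_pe1 = import_policy(advertise_ebgp(site_a, 65001, "192.0.2.1"), 100)
    at_pe2 = advertise_ibgp(at_pe1)
    at_ce2 = advertise_ebgp(at_pe2, 64500, "198.51.100.1")
    return site_a, at_ce2

if __name__ == "__main__":
    original, received = propagate_across_provider()
    for name, (old, new) in changed_attributes(original, received).items():
        print(f"{name}: {old!r} -> {new!r}")
```

Every attribute other than the prefix reaches the remote site with a value different from the one the originating site held, which is the mismatch the last paragraph describes.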