The invention relates generally to the field of virtual private networks and more particularly, to partitioning shared network infrastructure into multiple distinct virtual private network areas.
With the growing popularity of the Internet and networks in general, there is a trend towards centralized network services and centralized network Service Providers (providers). To be profitable, however, providers need to constantly maintain and if possible enlarge their customer base and their profits. Since leased line services are coming under increased competition, profit margins have been decreasing for these providers. Thus, an increased number of providers are trying to attract small and medium sized businesses by providing centralized network management. In accordance with this goal, they are offering Virtual Private Networks (VPNs) to interconnect various customer sites (private networks) which are geographically dispersed. One such service is an Internet Protocol (IP) VPN which interconnects geographically dispersed private IP networks over the provider""s shared network facilities.
The general goal of an IP VPN is to offer privacy and performance on par with leased line interconnectivity while realizing substantial deployment efficiencies due to the shared network infrastructure. The term xe2x80x9cproviderxe2x80x9d includes the public carrier, network operator or Internet Provider (xe2x80x9cISPxe2x80x9d), or consortiums thereof, who operate the shared network infrastructure and offer the IP VPN service. The shared network structure will also be referred to as the base network of the VPN. VPNs are of great interest to both providers and to their customers because they offer privacy and cost efficiency through network infrastructure sharing. There has been difficulty providing this service, however, due to address conflicts, security problems, scalability issues and performance problems.
Others have attempted to offer this service over a single instance of a shared network, however, a single instance of a shared network is not suitably scalable. Most networks do not have the ability to handle very large numbers of VPNs due to the amount of traffic and links required.
Accordingly there exists the need for a system which provides a scalable VPN infrastructure.
There also exists the need for a system which allows an IP VPN Provider to partition the shared network based upon implementation choices.
There exists the need for a system which enables various Providers to jointly provide IP VPN service over various subnetworks.
It is accordingly an object of the present invention to provide a system which provides a scalable VPN infrastructure.
It is another object of the invention to provide a system which allows an IP VPN Provider to partition the shared network based upon implementation choices.
It is still another object of the invention to provide a system which enables various Providers to jointly provide IP VPN service over various subnetworks.
These and other objects of the invention will become apparent to those skilled in the art from the following description thereof.
It has now been discovered that these and other objects may be accomplished by the present virtual private network infrastructure which enables private communications over a shared network, between at least two geographically separate private networks. The present invention includes a shared network partitioned into at least two distinct areas. It includes a first router connected to a first area and configured to distribute first router VPN information across the first area. The first router VPN information includes a VPN identifier which is assigned to the first router. The system also includes a second router connected between the first area and a second area which is configured to distribute second router VPN information across the first area. The second router VPN information includes a VPN identifier which is assigned to the second router. The VPN identifier assigned to the first router is the same as the VPN identifier assigned to the second router.
In an embodiment of the invention, the virtual private network infrastructure includes a shared network partitioned into at least two distinct areas. It includes first router means connected to a first area for dynamically distributing first router means VPN information across the first area and second router means connected between the first area and a second area for dynamically distributing second router means VPN information across the first and second areas. The first and second router means VPN information includes a VPN identifier which is assigned to said first and second router means respectively. The VPN identifier assigned to the first router means is the same as the VPN identifier assigned to the second router means.
In another embodiment, the invention includes a method of configuring a virtual private network infrastructure which enables private network communications over a shared network. The method includes partitioning a shared network into two or more areas. It also includes connecting a virtual router between at least two of the areas and assigning at least one VPN identifier to the virtual router. The method includes creating a link between a first private network router and a first shared network router, such that the first shared network router is connected to a first area. It also includes assigning the same VPN identifier assigned to the virtual router to the first shared network router; and communicating the VPN identifier between the first shared network router and the virtual router.
The invention will next be described in connection with certain illustrated embodiments; however, it should be clear to those skilled in the art that various modifications, additions and subtractions can be made without departing from the spirit or scope of the claims.