Many enterprises are changing their business processes using advanced information technology (IT) applications to achieve enhanced productivity and operational efficiencies. These advanced applications tend to place increasing importance on peer-to-peer data communications, as compared to traditional client-server data communications. As a result, the underlying network architecture to support these applications is evolving to better accommodate this new model.
The performance of many peer-to-peer applications benefit from being implemented over service provider networks that support multipoint network services. A multipoint network service is one that allows each customer edge (CE) end point or node to communicate directly and independently with all other CE nodes. Ethernet switched campus networks are an example of a multipoint service architecture. The multipoint network service contrasts with the hub-and-spoke network service, where the end customer designates one CE node to the hub that multiplexes multiple point-to-point services over a single User-Network Interface (UNI) to reach multiple “spoke” CE nodes. In a hub-and-spoke network architecture, each spoke can reach any other spoke only by communicating through the hub. Traditional network service offering to the end customers via wide area networks (WANs) such as Frame Relay (FR) and asynchronous transfer mode (ATM) networks are based on a hub-and-spoke service architecture.
Virtual Private Network (VPN) services provide secure network connections between different locations. A company, for example, can use a VPN to provide secure connections between geographically dispersed sites that need to access the corporate network. There are three types of VPN that are classified by the network layer used to establish the connection between the customer and provider network. Layer 1 VPNs are simple point-to-point connections such as leased lines, ISDN links, and dial-up connections. In a Layer 2 VPN (L2VPN) the provider delivers Layer 2 circuits to the customer (one for each site) and provides switching of the customer data. Customers map their Layer 3 routing to the circuit mesh, with customer routes being transparent to the provider. Many traditional L2VPNs are based on Frame Relay or ATM packet technologies. In a Layer 3 VPN (L3VPN) the provider router participates in the customer's Layer 3 routing. That is, the CE routers peer only with attached PEs, advertise their routes to the provider, and the provider router manages the VPN-specific routing tables, as well as distributing routes to remote sites. In a Layer 3 Internet Protocol (IP) VPN, customer sites are connected via IP routers that can communicate privately over a shared backbone as if they are using their own private network. Multi-protocol label switching (MPLS) Border Gateway Protocol (BGP) networks are one type of L3VPN solution. An example of an IP-based Virtual Private Network is disclosed in U.S. Pat. No. 6,693,878. U.S. Pat. No. 6,665,273 describes a MPLS system with a network device for traffic engineering.
Virtual Private LAN Service (VPLS) has recently generated interest with enterprises and service providers as it offers multipoint Ethernet LAN services, often referred to as Transparent LAN Service (TLS), over MPLS networks. VPLS is an architecture that delivers a Layer 2 multipoint VPN service that in all respects emulates an Ethernet LAN across a wide metropolitan geographic area. All services in a VPLS appear to be on the same LAN, regardless of location. In other words, with VPLS, customers can communicate as if they were connected via a private Ethernet segment, i.e., multipoint Ethernet LAN services. VPLS thus supports the connection of multiple sites in a single bridged domain over a managed IP/MPLS network.
FIG. 1 illustrates an example of a basic VPLS architecture with an IP or MPLS service provider network core. The customer sites (i.e., CE devices) are connected to the service provider network at a PE device. Each PE-CE pair is shown connected by an Attachment Circuit (AC). An AC is the customer connection to a service provider network; that is, the connection between a CE and its associated PE. An AC may be a physical port, or a virtual port, and may be any transport technology, i.e., Frame Relay, ATM, Ethernet VLAN, etc. In the context of a VPLS, an AC is typically an Ethernet port. In the example of FIG. 1, each PE includes a Virtual Switch Instance (VSI) that emulates an Ethernet bridge (i.e., switch) function in terms of MAC address learning and forwarding in order to facilitate the provision of a multi-point L2VPN. A pseudowire (PW) is shown connecting every two VSIs. A PW is a virtual connection that is bi-directional in nature and, in this example, consists of a pair of unidirectional MPLS Virtual Circuits (VCs).
Conceptually in context of the VPLS service, a PW can be thought of as point-to-point virtual link for each offered service between a pair of VSIs. Therefore, if each VSI can be thought of as a virtual Ethernet switch for a given customer service instance, then each PW can be thought of as a virtual link connecting these virtual switches to each other for that service instance.
Another type of provider provisioned VPN architecture that uses PWs is the Virtual Private Wire Service (VPWS). VPWS is a Layer 2 service that provides point-to-point connectivity (e.g., Frame Relay, ATM, point-to-point Ethernet) and can be used to create port-based or VLAN-based Ethernet private lines across a MPLS-enabled IP network. Conceptually, in the context of the VPWS service, a PW can be thought of as a point-to-point virtual link connecting two customer ACs. After a PW is setup between a pair of PEs, frames received by one PE from an AC are encapsulated and sent over the PW to the remote PE, where native frames are reconstructed and forwarded to the other CE. All PEs in the SP network are connected together with a set of tunnels, with each tunnel carrying multiple PWs. Depending on the number of customer sites and the topology for connecting these sites, the number of PWs setup for a given customer can range from two, for a customer with only two sites, to many PWs for a customer who has locations connected to every PE.
For an Ethernet network to function properly, only one active path can exist between any two nodes. To provide path redundancy and prevent undesirable loops in the network topology caused by multiple active paths, Ethernet networks typically employ Spanning Tree Protocol (STP), or some variant of STP, e.g., MSTP or RSTP. (For purposes of the present application, STP and its variants are generically denoted by the acronym “xSTP”.) Switches in a network running STP gather information about other switches in the network through an exchange of data messages called Bridge Protocol Data Units (BPDUs). BPDUs contain information about the transmitting switch and its ports, including its switch and port Media Access Control (MAC) addresses and priorities. The exchange of BPDU messages results in the election of a root bridge on the network, and computation of the best path from each switch to the root switch. To provide path redundancy, STP defines a tree from the root that spans all of the switches in the network, with certain redundant paths being forced into a standby (i.e., blocked) state. If a particular network segment becomes unreachable the STP algorithm reconfigures the tree topology and re-establishes the link by activating an appropriate standby path. Examples of networks that run STP are disclosed in U.S. Pat. Nos. 6,519,231, 6,188,694 and 6,304,575.
A redundancy mechanism for Virtual Private LAN Service with Ethernet access network is described in Section 11.2 of the Internet Engineering Task Force (IETF) document draft-ietf-l2vpn-vpls-ldp-01.txt. The redundancy mechanism described in that draft leverages the use of xSTP on the Ethernet bridges in the access network as well on the PEs to provide a failure recovery mechanism for link and node failures. According to this approach, each network-facing PE (n-PE) runs xSTP such that each BPDU packet is terminated by the receiving n-PE and the information in the BPDU packet is processed by the n-PE. The n-PE then originates a new BPDU packet using the newly processed information. The main drawback of this mechanism is that it requires every node in the Ethernet access network, including n-PE devices, to execute the spanning-tree protocol. However, certain platforms (e.g., with router-based platforms) utilize n-PE devices that are not equipped to run xSTP protocols. These platforms would require costly xSTP-related software development in order to run xSTP protocols.
Thus, there is a need for alternative methods and apparatus that achieve redundancy functionality for VPLS services with Ethernet access networks, while obviating the need to run xSTP protocols on the n-PEs.