1. Field of the Invention
The present invention relates to an apparatus and a method of managing virtual private networks (VPNs), and more particularly, to an apparatus and method of designating virtual sites using policy information in multiprotocol label switching (MPLS) networks.
2. Description of the Related Art
Subscribers have leased point-to-point private lines from network operators, built their own wide area networks (WANs) on them, and used them as private networks. These private networks are called virtual private networks (VPNs) because the private lines have been superseded by various kinds of virtual lines. With the development of the Internet, many network operators have replaced frame relay/asynchronous transfer mode (FR/ATM) networks with Internet protocol (IP) networks, and techniques for providing VPNs over IP networks have been developed.
Multiprotocol label switching (MPLS) is a connection-oriented technique that brings the advantages of ATM to IP networks, and it is also a tunneling technique that uses a label stack. Because MPLS provides a high quality of service (QoS) and supports a wide protection function, it is becoming an essential VPN technique offered by network operators in place of conventional tunneling protocols.
FIG. 1 is a construction diagram of an MPLS-VPN 10 that supports VPN sites. Referring to FIG. 1, in the MPLS-VPN 10 supporting VPN sites, a first customer edge (CE1) and a second CE (CE2), which are connected to a first provider edge (PE1) and a second provider edge (PE2), respectively, constitute a first site and a second site, respectively.
Generally, to provide a virtual private network (VPN) service in the MPLS network, as shown in FIG. 1, one VPN group must be selected for each interface of a PE router. In this case, each interface of the PE router is connected one-to-one to a CE router and constitutes one VPN group through that CE router. Although the VPN service for each VPN group can be provided through the MPLS network, it is impossible to provide differentiated services within each VPN group. To solve this problem, a method of dividing one VPN site into several virtual sites by customers has been proposed.
FIG. 2 is a construction diagram of the MPLS network that supports VPN virtual sites. Referring to FIG. 2, CE1 and CE2, which are connected to PE1 and PE2 of the VPN virtual site, respectively, each include two virtual sites. That is, CE1 includes a first virtual site and a second virtual site, and CE2 includes a third virtual site and a fourth virtual site.
As can be seen from FIG. 2, when each VPN group connected to one PE interface is re-divided into small groups, each small group is defined as a virtual site, and virtual sites can be divided using policy information, such as source IP addresses or virtual local area network (VLAN) tags.
However, the re-division of each VPN group is enabled only when a VPN connected to a CE router is in a LAN environment that provides VLAN services or an IP network from which source IP addresses can be known. In addition, QoS services are essentially required for the VPN services. If the MPLS network utilizes the VLAN tags or source IP addresses, it is difficult to provide a variety of QoS services. Accordingly, various kinds of policy information are required for dividing virtual sites, and it is necessary to develop new methods of providing differentiated services based on the policy information.
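The related-art division described above can be sketched as follows. This is an added example, not code from the patent: it maps traffic arriving on one PE interface to a virtual site by VLAN tag or source IP address and returns no virtual site when neither kind of policy information is available. The class name, site names, VLAN numbers and prefixes are constructed, and giving the VLAN tag precedence over the source address is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PEInterface:
    """One PE interface: one VPN group, re-divided into virtual sites by policy."""
    vpn_group: str
    vlan_policy: dict = field(default_factory=dict)    # VLAN tag -> virtual site
    prefix_policy: list = field(default_factory=list)  # (source network, virtual site)

    def add_prefix(self, cidr, site):
        self.prefix_policy.append((ipaddress.ip_network(cidr), site))

    def classify(self, src_ip=None, vlan=None):
        """Return (vpn_group, virtual_site); virtual_site is None if no policy matches."""
        # Assumption: a VLAN tag, when present and known, takes precedence.
        if vlan is not None and vlan in self.vlan_policy:
            return self.vpn_group, self.vlan_policy[vlan]
        if src_ip is not None:
            addr = ipaddress.ip_address(src_ip)
            matches = [(net, site) for net, site in self.prefix_policy if addr in net]
            if matches:
                # Longest-prefix match so the most specific source policy wins.
                _, site = max(matches, key=lambda m: m[0].prefixlen)
                return self.vpn_group, site
        # No VLAN tag and no known source address: the traffic can only be
        # handled at VPN-group level, without per-virtual-site treatment.
        return self.vpn_group, None


def build_pe1():
    """Constructed policy for the PE1 interface facing CE1 in FIG. 2."""
    pe1 = PEInterface("VPN-A")
    pe1.vlan_policy[10] = "virtual-site-1"
    pe1.vlan_policy[20] = "virtual-site-2"
    pe1.add_prefix("10.1.0.0/16", "virtual-site-1")
    pe1.add_prefix("10.1.2.0/24", "virtual-site-2")
    return pe1


if __name__ == "__main__":
    pe1 = build_pe1()
    for kwargs in ({"vlan": 20}, {"src_ip": "10.1.2.7"}, {"src_ip": "192.0.2.5"}, {}):
        print(kwargs, "->", pe1.classify(**kwargs))
```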