Many definitions of VPNs can be considered:
Definition 1: A VPN is a set of users (devices attached to the network) sharing common membership information and intended to establish inter-site connectivity (within that group). A user can be a member of multiple groups (VPNs).
Definition 2: A VPN is a client private network that subscribes to restricted connectivity services.
Definition 3: A VPN is a service where a customer requests multi-site connectivity services provided through a shared network infrastructure.
Definition 4: A VPN is a service where a partition of internal provider network resources is allocated to a customer.
Using specialized tunneling protocols and, optionally, secured encryption techniques, data integrity and privacy may be maintained in a VPN.
Categories of VPNs include layer-1, layer-2 and layer-3. “Layer-n” refers to the network layer used to perform the hand-off between the customer and provider network.
Layer-1 VPNs can be simple, point-to-point connections such as leased lines, ISDN links, or dial-up connections. They are known to be simple for the provider, as they place all responsibility for operating the network over the connection on the customer. In other words, the customer needs to provide and manage all the routing and switching equipment that operates over the connection.
A layer-2 VPN is a VPN in which the service provider connects customer sites using leased circuits connecting into a point of presence (POP) or node on a shared core network. Layer-2 VPNs are typically based on Frame Relay or ATM. Exemplary VPN mechanisms at layer-2 include virtual private LAN service (VPLS) (see Waldemar Augustyn et al., “Requirements for Virtual Private LAN Services (VPLS)”, October 2002) and virtual private wire (VPW) (see Eric Rosen et al., “L-2 VPN Framework”, February 2003).
A layer-3 VPN is a VPN in which the service provider supplies a leased circuit connection between the customer site and the nearest POP on the edge of the service provider network or manages customer routing on behalf of the customer. The service provider takes care of the routing and addressing of the customer traffic. The service provider distributes the IP addressing information for a company across all of its relevant sites. Exemplary VPN mechanisms at layer-3 include virtual routing (VR)-based mechanisms, such as VR using border gateway protocol (BGP) (see Hamid Ould-Brahim et al., “Network-based IP VPN Architecture using Virtual Routers”, July 2002) or VPNs based on RFC 2547bis (see Eric Rosen et al., “BGP/MPLS VPNs”, October 2002).
There are various possible arrangements for unifying different types of VPNs. In one known network arrangement, two carriers are provided. The first carrier is a provider providing layer-2 or layer-3 VPN services. The second carrier is a sub-provider providing layer-1 or generalized VPN (GVPN) services. GVPN service (to which the first carrier subscribes in this case) is a VPN service that uses BGP as a VPN auto-discovery mechanism (VPN discovery is a process in which VPN routing information is distributed) and generalized multi-protocol label switching (GMPLS) (which will be discussed) as its signaling and routing mechanisms.
The known methods for running this network arrangement have problems. Manual configuration is required for all the BGP-TCP sessions for the purpose of distributing layer-2/3 VPN information. Scaling problems also exist. The known provisioning model is a double-sided provisioning model.