A virtual private network (VPN) is a collection of customer sites that communicate with each other over a network infrastructure that is shared by other VPNs. In a VPN, the sites share common routing information. A given site may belong to more than one VPN if it holds routes from separate VPNs. This provides the capability to build intranets and extranets, as well as any other topology. A Multiprotocol Label Switching (MPLS) VPN uses a network infrastructure provided by an Internet Protocol (IP) MPLS/Border Gateway Protocol (BGP) based network. MPLS is used for forwarding packets over a provider or backbone network, while BGP is used for distributing routes over the network. A VPN in an MPLS/VPN architecture can be conceptualized as a community of interest or a closed user group, which is dictated by the routing visibility that the site will have. MPLS VPN technology supports various VPN topologies such as hub and spoke topologies, central service topologies, full-mesh topologies, and hybrid topologies. The most complex of these topologies to implement, and also the most widely deployed, is the hub and spoke topology. Hub and spoke topology is used where a customer requires all of its spoke traffic (e.g., spoke-to-hub and spoke-to-spoke) to pass through the hub network.
A route target (RT) functions as a filter to import and export routes into and out of a given virtual routing and forwarding (VRF) table in order to establish the VPN routes. Allocation and management of RTs is typically performed manually, and thus can be time consuming and error-prone, especially as the complexity of a VPN increases (e.g., as the number of sites joining the VPN increases). Furthermore, errors in the import/export of routes in a VRF table may render a VPN dysfunctional and insecure by introducing undesired extra routes.
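The following added example, which is not part of the original text, models RT import/export matching between VRF tables and audits a hub and spoke VPN for a spoke that imports another spoke's routes directly, the kind of undesired extra route described above. The VRF names, RT values, and function names are constructed for illustration, and the model covers only direct RT matching, not re-advertisement of spoke routes by the hub.

```python
from dataclasses import dataclass

@dataclass
class Vrf:
    name: str
    role: str          # "hub" or "spoke"
    export_rts: set    # RTs attached to routes this VRF exports
    import_rts: set    # RTs this VRF accepts on import

def visible_routes(vrfs):
    """Map each VRF to the VRFs whose routes it imports. A route enters a
    VRF when any RT attached on export matches one of its import RTs."""
    return {v.name: {o.name for o in vrfs
                     if o is not v and o.export_rts & v.import_rts}
            for v in vrfs}

def audit_hub_and_spoke(vrfs):
    """Return sorted (importer, source) pairs where a spoke imports another
    spoke's routes directly, i.e. traffic that would bypass the hub."""
    role = {v.name: v.role for v in vrfs}
    return sorted((imp, src)
                  for imp, srcs in visible_routes(vrfs).items()
                  for src in srcs
                  if role[imp] == "spoke" and role[src] == "spoke")

# Constructed sample data: RT values and VRF names are illustrative only.
RT_HUB, RT_SPOKE = "65000:100", "65000:200"

GOOD = [
    Vrf("hub", "hub", {RT_HUB}, {RT_SPOKE}),
    Vrf("spoke-a", "spoke", {RT_SPOKE}, {RT_HUB}),
    Vrf("spoke-b", "spoke", {RT_SPOKE}, {RT_HUB}),
]
# One manual slip: spoke-b also imports the spoke RT.
BAD = GOOD[:2] + [Vrf("spoke-b", "spoke", {RT_SPOKE}, {RT_HUB, RT_SPOKE})]

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, "direct spoke-to-spoke imports:", audit_hub_and_spoke(cfg))
```

Running the same audit against the intended RT plan before a VRF change is committed shows a single mistyped import RT as a concrete pair of sites that would gain routing visibility to each other.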