Virtual Private Networks (VPNs) provide a partitioning mechanism for isolating data transmitted and received between customer network nodes even though a corresponding physical network supporting propagation of the data is shared by many users. The data transmitted between such network nodes may be encrypted to protect against eavesdropping and tampering by unauthorized parties. Because the physical network is shared, costs of using resources are generally reduced for each of many users. A typical arrangement involves customer edge routers communicating via the Internet (or shared backbone) between local area networks (LANs), which the respective edge routers protect. The edge routers establish secure, encrypted links between each other to protect the trusted LANs in the VPN.
A physical network such as a service provider network topology, therefore, may include peripherally located provider edge routers, each of which couples to one or multiple customer edge routers. The customer edge routers, in turn, may couple to private local area networks associated with one or multiple customers. Typically, the service provider network selectively couples the local area networks to each other through links created between its provider edge routers.
According to one conventional technique, a service network may extend beyond provider edge nodes to customer edge nodes. For example, the connectivity model supported by RFC 2547 (IETF Request For Comments 2547, as is known in the art) generally enables multiple CE (Customer Edge) nodes to establish a link between each other for transmission of data messages between corresponding interconnected networks. Copending U.S. patent application Ser. No. 10/649,755, filed Aug. 26, 2003, entitled “Method and Apparatus to Distribute Policy Information” attempts to provide the identity of peers used to establish a secure communication and provides a mechanism for distributing routing and community of interest information among such customer edge nodes, or routers.