In recent years, the nature of a computer network has expanded from a single wired network accessed by users located within an enterprise's premises to include networks of multiple premises of a single enterprise, networks located at one site that are accessed by users at many different sites, networks that are accessed by users working from home or while traveling, and networks that are accessed wirelessly, both from within and outside the enterprise's premises. In all of these cases, the users wish to access and use the applications and documents stored on the central network just as if they were physically present and using a secure wired connection to the network made within the enterprise's premises.
One way to address the need for such secure remote connections has been through the use of Virtual Private Networks. Such networks, known as VPNs, are widely used in the art to connect an enterprise's users to the enterprise's network, even if the users are in geographically disparate locations. Several prior art patents describe the architecture and operation of such Virtual Private Networks as are known in the art. Among these are U.S. Pat. No. 6,339,595 to Rekhter et al, which discloses a system and method for tagging data packets so that they are properly routed during the transit from the enterprise network to the remote user. Another such prior art patent is U.S. Pat. No. 6,788,681 to Hurren et al., which discloses a method and apparatus for provisioning a large number of VPNs over a connectionless network. U.S. Pat. No. 6,912,232 to Duffield et al., discloses an apparatus and method for using multiplexing to allocate VPN traffic to maximize efficiency in utilizing network resources.
VPNs such as those disclosed in these patents traditionally support only point-to-point, or unicast, communications between customer sites. Typically, an enterprise will use a service provider to design and operate the network of routers and circuits that make up a VPN. However, more recently, VPN customers are requesting that its service providers make available point-to-multipoint, or multicast, service in their VPNs. This demand has led to the creation of Multicast VPN (MVPN) technology, which supports wider distribution of communications in a VPN than is available in a point-to-point service. By “multicast” as used herein is intended the transmission to a plurality of users (or non-users) determining a group or groups of terminal apparatus, as differentiated from the term “broadcast” which implies a transmission to all terminals of a network.
A leader in the development of this MVPN technology is Cisco Systems, Inc., who has developed distribution systems and methods for such multicast communication, as is described in the Cisco Systems white paper, “Multicast Virtual Private Networks” and “Multicast VPN,” also by Cisco Systems. MVPN technology permits the efficient distributed replication of data because only one copy of a data packet is needed to traverse from the source, and distribution trees are used to replicate the packet for distribution to all users on the VPN. The efficiency gain of an MVPN derives from its use of Multicast Distribution Trees (MDTs) in the provider's network to leverage that network's packet replication capabilities to deliver VPN traffic to only the relevant customer sites, using only the necessary links in the backbone. Such technology will enable efficient support for applications such as videoconferencing, webcasting, and software distribution in a VPN.
MVPN technology requires two layers of multicast communication. First, within the VPN, customer traffic in the form of data packets are sent from a single source to multiple users using IP multicast technology known in the art as described in, for example, Cisco Systems, “IP Multicast Technology Overview.” Second, the customer multicast technology is transported between customer locations across the provider backbone. This is accomplished by encapsulating traffic sent to a customer multicast group address within an IP packet that is addressed to a provider multicast group address. All Provider Edge (PE) routers to which customers of the VPN are attached join in this multicast group and receive all traffic sent to it.
Thus, there is multicast traffic to and from both a customer multicast group and a provider multicast group. An enterprise using MVPN service often will want to obtain information regarding this traffic, to ensure that only authorized users are accessing the network via the MVPN or to ensure that MVPN resources are being used efficiently. For example, as disclosed in U.S. Pat. No. 6,910,067 to Silverman et al., an enterprise may wish to monitor the number of users in a VPN session to ensure that the number of users does not exceed a maximum number of sessions supported by the network. Another use for monitoring is disclosed in U.S. Pat. No. 6,965,883 to Xu et al., wherein use of a multicast infrastructure is monitored to permit billing for multicast services provided.
However, neither of these methods addresses the need for a service provider that supports MVPN service to collect information regarding multicast transactions from both the customer multicast group and the provider multicast group or to collect information regarding the relationship between these two groups. Such information will be necessary to permit the service provider to manage, monitor, and debug the multicast VPN service in order to provide the optimum service to its customers.
One way to monitor an MVPN is to place a monitoring station within each VPN to provide information regarding each individual VPN network. However, such a method is expensive, since it would require placement of a large number of monitoring stations. Such a method also is impractical, since it would require the placement of a monitoring station within customer networks to which the service provider might not have access.
Thus, there is a need for a system and method to collect multicast-related control information in the provider background and use this control information to provide a service provider with information regarding the status of the MVPN.