A virtual private network (VPN) is a virtual private communication network set up by an Internet service provider (ISP) or a network service provider (NSP) on a public network. A multi-protocol label switching (MPLS) L2VPN provides L2VPN services based on an MPLS network so that a service provider (SP) can deploy L2VPN services on an MPLS network.
As shown in FIG. 1, a basic model of the MPLS L2VPN includes: a provider edge routing device (PE), a customer edge routing device (CE), an attachment circuit (AC), a packet switched network (PSN) tunnel, and a pseudo wire (PW). The AC is a logical link between the CE and the PE. The PW is an encapsulated bearer channel on the PE, set up by a signaling protocol, and identified by a virtual circuit (VC) identifier and a VC type.
In actual network applications, multiple devices of one VPN user may connect to the VPN from different autonomous systems (ASs) in different cities, and the ASs may belong to a single SP or different SPs. The VPN interconnecting different ASs needs to adopt an inter-AS VPN solution.
Three solutions are currently available for implementing an MPLS VPN between ASs: Option A, Option B, and Option C. In Option A, sub-interfaces are used between different ASs. However, an autonomous system boundary router (ASBR) can support only a limited number of sub-interfaces, and, therefore, Option A has poor extensibility. In Option B, MPLS forwarding is applied between different ASs, and the ASBR does not need to support the sub-interfaces. Therefore, Option B is more extensible than Option A. Option C is seldom used for reasons such as management inconvenience and lack of security.
MPLS L2VPNs can be classified into two types: point-to-point VPN and point-to-multipoint VPN. Currently, the label distribution protocol (LDP) is used as a signaling protocol to transmit layer-2 information and VC labels. With LDP, only Option A and Option C can be used to implement the VPN between ASs.
It is assumed that CE1 and CE2 belong to users of a first local VPN (VPN1), and that CE3 and CE4 belong to users of a second local VPN (VPN2). If Option A is adopted to implement the MPLS VPN between ASs, an interface (generally, a sub-interface) on the ASBR needs to be allocated to a user of VPN1 and another to a user of VPN2, and the intra-AS PW is extended only to these sub-interfaces. L2VPN mapping packets and VC labels are forwarded between different ASBRs according to the sub-interfaces.
Option A has the following drawbacks: a sub-interface on the ASBR needs to be allocated to each VPN user. Because some interfaces do not support sub-interfaces, and the number of sub-interfaces that an interface can support is limited, it is inconvenient to add users in large numbers, and the network therefore has poor extensibility. Moreover, too many sub-interfaces lead to management difficulties and slow startup of devices.
It is still assumed that CE1 and CE2 belong to users of the VPN1, and that CE3 and CE4 belong to users of the VPN2. If Option C is adopted to implement the MPLS VPN between ASs, a first AS (AS1) needs to learn the route in a second AS (AS2) and set up a tunnel to the AS2; and AS2 needs to learn the route in the AS1 and set up a tunnel to the AS1 as well.
Option C has the following drawbacks:
(1) An AS needs to learn the route in other ASs and set up a tunnel to other ASs, and the user needs to take the problems of management inconvenience and lack of security into consideration.
(2) More tunnels need to be set up in an AS. In addition to the tunnels set up according to the route in this AS, more tunnels need to be set up according to the route in other ASs.
(3) Users are reluctant to accept Option C because of management inconvenience and lack of security.
It is found that some SPs hope to use Option B to implement the MPLS L2VPN between ASs. However, the current art does not offer an implementation scheme that supports Option B in an MPLS L2VPN.