Method and apparatus for implementing hub-and-spoke topology virtual private networks

US 7,075,933 B2
Filed: 12/23/2003
Issued: 07/11/2006
Est. Priority Date: 08/01/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A BGP/MPLS-based hub and spoke Virtual Private Network (VPN) topology, comprising:

a first hub Provider Edge (PE) network element;

a plurality of spoke PE network elements; and

a first directional VPN Routing and Forwarding (VRF) table associated with the first hub PE network element and configured to enable the first hub PE network element to route traffic that arrives over a network backbone from the spoke PE network elements differently than traffic that arrives from an attached hub Customer Edge (CE) network element.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Deployment of a hub-and-spoke (HaSP) topology virtual private network (VPN) may be facilitated by implementing a bi-directional VRF on a hub PE and using the hub PE as a hub-reflector. Route distinguishers and route targets may be used to differentiate traffic originating on the spokes from traffic originating on the hub. Using a bi-directional VRF allows a HaSP VPN to be created using a single link between the hub CE and hub PE. Allowing the hub CE to control spoke route distribution, and differentiating the direction of the flow by route target and route designator, enables the hub to control traffic between the spokes. Configuring the hub PE as a route reflector allows communication between the spokes to take place without having the CE hub inspect every piece of traffic. Optionally, other services may be provided by the hub PE as well, such as NAT, firewall, and AAA services.

Citations

20 Claims

1. A BGP/MPLS-based hub and spoke Virtual Private Network (VPN) topology, comprising:
- a first hub Provider Edge (PE) network element;
  
  a plurality of spoke PE network elements; and
  
  a first directional VPN Routing and Forwarding (VRF) table associated with the first hub PE network element and configured to enable the first hub PE network element to route traffic that arrives over a network backbone from the spoke PE network elements differently than traffic that arrives from an attached hub Customer Edge (CE) network element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The hub and spoke VPN topology of claim 1, wherein the first directional VRF forwarding table is maintained at the first hub PE network element.
  - 3. The hub and spoke VPN topology of claim 1, further comprising a first hub Customer Edge (CE) network element configured to interface with the first hub PE network element over a first single bi-directional communication link.
  - 4. The hub and spoke VPN topology of claim 3, wherein the first directional VRF forwarding table is configured to control traffic on the first single bi-directional communications link.
  - 5. The hub and spoke VPN topology of claim 3, wherein the first CE network element is further configured to interface with the first hub network element over a second single bi-directional communication link.
  - 6. The hub and spoke VPN topology of claim 5, wherein the first directional VRF forwarding table is configured to control traffic on the first single bi-directional communications link and on the second single bi-directional communication link.
  - 7. The hub and spoke VPN topology of claim 3, further comprising a second CE network element configured to interface with the first hub PE network element over a second single bi-directional communication link.
  - 8. The hub and spoke VPN topology of claim 7, wherein the first directional VRF forwarding table is configured to control traffic on the first single bi-directional communications link and on the second single bi-directional communication link.
  - 9. The hub and spoke VPN topology of claim 3, further comprising a second hub, and wherein the first CE network element is configured to interface with the second hub over a second single bi-directional communication link.
  - 10. The hub and spoke VPN topology of claim 9, further comprising a second directional VRF forwarding table associated with the second hub PE network element and configured to control traffic on the second single bi-directional communication link.
  - 11. The hub and spoke VPN topology of claim 10, wherein the first VRF forwarding table contains first routing information and the second VRF forwarding table contains second routing information, the first routing information being functionally identical to the second routing information.
  - 12. The hub and spoke VPN topology of claim 3, further comprising a second hub PE network element and a second CE network element, said second CE network element being configured to interface with the second hub PE network element over a second single bi-directional communication link.
  - 13. The hub and spoke VPN topology of claim 12, further comprising a second directional VRF forwarding table associated with the second hub PE network element and configured to control traffic on the second single bi-directional communication link.
  - 14. The hub and spoke VPN topology of claim 13, wherein the first VRF forwarding table contains first routing information and the second VRF forwarding table contains second routing information, said first routing information being functionally identical to the second routing information.
  - 15. The hub and spoke VPN topology of claim 1, wherein the first hub PE network element is a hub reflector and wherein the first VRF forwarding table contains routing information sufficient to enable the hub reflector to reflect authorized traffic between the spokes, as directed by the attached CE network element.

16. A method of exchanging routing information in a BGP/MPLS-base hub-and-spoke topology Virtual Private Network (VPN), the method comprising the steps of:
- importing, by a directional VPN Routing and Forwarding (VRF) table associated with a first hub Provider Edge (PE) network element, first route information associated with a first route learned from a first VPN spoke in the hub-and-spoke VPN, said first route information being associated with a route from the first hub PE network element to the first spoke;
  
  passing the first route information to an attached VPN hub Customer Edge (CE) network element to be evaluated; and
  
  importing, by the directional VRF, second route information associated with the route if authorized by the VPN hub CE network element, said second route information being associated with a route from at least a second spoke to the first spoke via the first hub PE network element.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the first route information is for a route from the first hub PE network element to the first VPN spoke, and wherein the second route information is for a route from at least a second of the VPN spokes to the first VPN spokes, said second route information being different than the first route information.
  - 18. The method of claim 16, wherein the CE network element is connected to the PE network element by a single communication link that is used to communicate from the CE network element to the PE network element, and from the PE network element to the CE network element.

19. A hub Provider Edge (PE) network element, comprising:
- control logic containing a directional Virtual Private Network (VPN) Routing and Forwarding (VRF) table for use in directing traffic in a BGP/MPLS-based hub-and-spoke VPN network topology, said directional VRF table containing first route information for use in connection with packets arriving from an attached hub Customer Edge (CE) network element and second route information for use in connection with packets arriving over a backbone network from the spokes.
- View Dependent Claims (20)
- - 20. The hub network element of claim 19, wherein the control logic is further configured to reflect traffic received from one of the spokes in the VPN network onto another of the spokes in the VPN network according to the directional VRF table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Aysan, Can
Primary Examiner(s)
Duong, Frank

Application Number

US10/746,472
Publication Number

US 20050025069A1
Time in Patent Office

931 Days
Field of Search

370/254, 370/351, 370/395.31, 370/401, 709/201, 709/203, 709238-242
US Class Current

370/395.31
CPC Class Codes

H04L 12/4641 Virtual LANs, VLANs, e.g. v...

Method and apparatus for implementing hub-and-spoke topology virtual private networks

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for implementing hub-and-spoke topology virtual private networks

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links