Method and apparatus for implementing hub-and-spoke topology virtual private networks
Abstract
Deployment of a hub-and-spoke (HaSP) topology virtual private network (VPN) may be facilitated by implementing a bi-directional VRF on a hub PE and using the hub PE as a hub-reflector. Route distinguishers and route targets may be used to differentiate traffic originating on the spokes from traffic originating on the hub. Using a bi-directional VRF allows a HaSP VPN to be created using a single link between the hub CE and hub PE. Allowing the hub CE to control spoke route distribution, and differentiating the direction of the flow by route target and route designator, enables the hub to control traffic between the spokes. Configuring the hub PE as a route reflector allows communication between the spokes to take place without having the CE hub inspect every piece of traffic. Optionally, other services may be provided by the hub PE as well, such as NAT, firewall, and AAA services.
20 Claims
1. A BGP/MPLS-based hub and spoke Virtual Private Network (VPN) topology, comprising:
a first hub Provider Edge (PE) network element;
a plurality of spoke PE network elements; and
a first directional VPN Routing and Forwarding (VRF) table associated with the first hub PE network element and configured to enable the first hub PE network element to route traffic that arrives over a network backbone from the spoke PE network elements differently than traffic that arrives from an attached hub Customer Edge (CE) network element.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method of exchanging routing information in a BGP/MPLS-based hub-and-spoke topology Virtual Private Network (VPN), the method comprising the steps of:
importing, by a directional VPN Routing and Forwarding (VRF) table associated with a first hub Provider Edge (PE) network element, first route information associated with a first route learned from a first VPN spoke in the hub-and-spoke VPN, said first route information being associated with a route from the first hub PE network element to the first spoke;
passing the first route information to an attached VPN hub Customer Edge (CE) network element to be evaluated; and
importing, by the directional VRF, second route information associated with the route if authorized by the VPN hub CE network element, said second route information being associated with a route from at least a second spoke to the first spoke via the first hub PE network element.
Dependent claims: 17, 18
19. A hub Provider Edge (PE) network element, comprising:
control logic containing a directional Virtual Private Network (VPN) Routing and Forwarding (VRF) table for use in directing traffic in a BGP/MPLS-based hub-and-spoke VPN network topology, said directional VRF table containing first route information for use in connection with packets arriving from an attached hub Customer Edge (CE) network element and second route information for use in connection with packets arriving over a backbone network from the spokes.
Dependent claims: 20
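
A small model of the directional VRF behaviour described in the abstract and in claims 16 and 19, added here as an illustration; it is not code from the patent. The class and function names, the route-target value, the prefixes, and the fallback that hands unmatched backbone traffic to the hub CE are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed route-target value; the page names no concrete values.
RT_SPOKE = "65000:100"   # tags routes originated by spokes


@dataclass
class DirectionalVRF:
    """Hypothetical model of a hub PE's directional VRF: one table per arrival direction."""
    hub_ce_policy: callable                            # hub CE's authorization decision
    from_ce: dict = field(default_factory=dict)        # used for packets from the hub CE
    from_backbone: dict = field(default_factory=dict)  # used for packets from the spokes

    def learn_spoke_route(self, prefix, spoke_pe, route_target):
        """Import a spoke route, ask the hub CE, then import the spoke-to-spoke route if allowed."""
        if route_target != RT_SPOKE:
            return False                          # not spoke-originated: ignore
        net = ip_network(prefix)
        self.from_ce[net] = spoke_pe              # first route info: hub PE -> spoke
        if not self.hub_ce_policy(net):           # passed to the hub CE for evaluation
            return False
        self.from_backbone[net] = spoke_pe        # second route info: spoke -> spoke via hub PE
        return True

    def forward(self, arrived_from, dst):
        """Return the next hop for a packet, chosen by the direction it arrived from."""
        table = self.from_ce if arrived_from == "hub-ce" else self.from_backbone
        addr = ip_address(dst)
        matches = [n for n in table if addr in n]
        if matches:
            return table[max(matches, key=lambda n: n.prefixlen)]  # longest-prefix match
        # Assumption: backbone traffic with no authorized route is handed to the hub CE.
        return "hub-ce" if arrived_from == "backbone" else "drop"


def demo():
    # Constructed policy: the hub CE authorizes spoke-to-spoke reachability for 10.1.0.0/16 only.
    allowed = {ip_network("10.1.0.0/16")}
    vrf = DirectionalVRF(hub_ce_policy=lambda net: net in allowed)
    vrf.learn_spoke_route("10.1.0.0/16", "spoke-pe-1", RT_SPOKE)
    vrf.learn_spoke_route("10.2.0.0/16", "spoke-pe-2", RT_SPOKE)
    return {
        "hub_to_spoke2": vrf.forward("hub-ce", "10.2.3.4"),
        "spoke_to_spoke1": vrf.forward("backbone", "10.1.5.6"),
        "spoke_to_spoke2": vrf.forward("backbone", "10.2.3.4"),
    }
```

The same destination, 10.2.3.4, resolves to `spoke-pe-2` when the packet arrives from the hub CE but is handed to the hub CE when it arrives from the backbone, because the hub CE never authorized that prefix for spoke-to-spoke forwarding.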
Specification