Shared communications network employing virtual-private-network identifiers
Abstract
A service provider's routers (PE1, P1, P2, PE2) provide connections between and share routing information with routers (CE1, CE2) of a customer virtual private network (VPN) as well as routers of other customers' VPNs, which may have overlapping address spaces. A service provider's edge router (PE1) informed by the customer's router (CE1) that it will forward packets to a given prefix notifies the other edge router (PE2) that PE1 can forward packets to that address prefix if the destination is in the VPN to which CE1 belongs. PE1 also tells PE2 to tag any thus-destined packets with a particular tag T3. PE2 stores this information in a forwarding information base that it separately keeps for that VPN so that when PE2 receives from a router CE2 in the same VPN a packet whose destination address has that prefix, it tags the packet as requested. But PE2 also tags it with a tag T2 that the router P2 to which PE2 first sends it has asked PE2 to apply to packets to be sent to PE1. P2 routes the packet in accordance with T2, sending it to P1 after replacing T2 with a tag T1 that P1 has similarly asked P2 to use. P1 removes T1 from the packet and forwards it in accordance with T1 to PE1, which in turn removes T3 from the packet and forwards it in accordance with T3 to CE1. In this manner, only the edge routers need to maintain separate routing information for separate VPNs.
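The forwarding path described in the abstract, as an added Python example (not code from the patent). The second VPN (`vpn-b`, `CE1b`, `CE2b`, tag `T4`), the prefix `10.1.0.0/16` and the drop-on-miss behaviour are assumptions introduced to show two customers with overlapping address spaces kept apart by the inner tag.

```python
import ipaddress

# Constructed topology from the abstract: CE2 - PE2 - P2 - P1 - PE1 - CE1.
# Assumed for illustration: vpn-b, CE1b, CE2b, tag T4 and the prefix values.
# PE2 keeps one forwarding information base (FIB) per VPN, filled from PE1's
# reachability messages: prefix -> (egress PE, inner tag PE1 asked for).
PE2_VPN_FIB = {
    "vpn-a": {"10.1.0.0/16": ("PE1", "T3")},
    "vpn-b": {"10.1.0.0/16": ("PE1", "T4")},  # same prefix, different VPN
}
PE2_ATTACHED = {"CE2": "vpn-a", "CE2b": "vpn-b"}  # ingress CE -> VPN
PE2_TO_PE = {"PE1": ("P2", "T2")}  # next hop and outer tag P2 asked for
# Core routers hold only tag state: no customer prefixes, no VPN tables.
CORE = {
    "P2": {"T2": ("swap", "T1", "P1")},
    "P1": {"T1": ("pop", None, "PE1")},
}
PE1_TAGS = {"T3": "CE1", "T4": "CE1b"}  # inner tag -> attached customer router


def pe2_ingress(from_ce, dst):
    """Select the VPN by ingress CE, longest-prefix match, push both tags."""
    fib = PE2_VPN_FIB[PE2_ATTACHED[from_ce]]
    addr = ipaddress.ip_address(dst)
    matches = [p for p in fib if addr in ipaddress.ip_network(p)]
    if not matches:
        return None  # assumed policy: drop, never consult another VPN's FIB
    best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
    egress_pe, inner = fib[best]
    next_hop, outer = PE2_TO_PE[egress_pe]
    return next_hop, [outer, inner]  # tag stack, outermost first


def deliver(from_ce, dst):
    """Return (destination CE, [(router, tag stack it forwards), ...])."""
    step = pe2_ingress(from_ce, dst)
    if step is None:
        return None, [("PE2", "drop")]
    hop, stack = step
    trace = [("PE2", list(stack))]
    while hop in CORE:  # core routers look only at the outer tag
        action, new_tag, nxt = CORE[hop][stack[0]]
        stack = ([new_tag] if action == "swap" else []) + stack[1:]
        trace.append((hop, list(stack)))
        hop = nxt
    ce = PE1_TAGS[stack[0]]  # PE1 removes the inner tag and picks the CE
    trace.append(("PE1", []))
    return ce, trace
```

The same destination address entering from `CE2` and from `CE2b` leaves PE2 with different inner tags, so PE1 hands it to different customer routers while P1 and P2 never see which VPN the packet belongs to.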
24 Claims
1. A router, comprising:
- a port to receive a data message from a customer edge router, said data message sent from a source customer computer addressed to a destination customer computer, said source customer computer and said destination customer computer located within a common virtual private network (VPN);
- a port to receive a reachability message from a provider router, said reachability message giving a route to said destination customer computer and including a VPN ID that identifies the destination computer as being within the common VPN; and
- a transmitter to forward said data message with a tag written in said data message, said tag to designate said VPN.
(Dependent claims: 2, 3, 4)
5. A router, comprising:
- a port to receive a data message from a first customer edge router, said data message sent from a source customer computer addressed to a destination customer computer, said source customer computer and said destination customer computer located in separate virtual private networks (VPNs);
- a port to receive a reachability message from a provider router, said reachability message giving a route to said destination customer computer and including a VPN ID that identifies the destination computer as being within a separate VPN from the source customer computer; and
- a transmitter to forward said data message with a tag written in said data message, said tag to designate a second customer edge router located within the same VPN as said destination customer computer, said customer edge router used for receiving incoming data messages from outside said VPN of said destination customer computer.
(Dependent claims: 6, 7)
8. A router, comprising:
- a port to receive a data message from a customer edge router, said data message sent from a source customer computer addressed to a destination customer computer, said source customer computer and said destination customer computer located within a common virtual private network (VPN);
- a port to receive a reachability message from a provider router, said reachability message giving a route to said destination customer computer;
- a transmitter to forward said data message with a tag written in said data message, said tag to designate said VPN; and
- a port to receive a second reachability message from a provider router, said second reachability message giving a route to an external computer having the same address as said destination customer computer, said external computer located in a second VPN other than said VPN of said destination customer computer, wherein said tag is used to distinguish between said VPN of said destination customer computer and said second VPN.
(Dependent claims: 9, 10, 11, 12, 13)
14. A method for use in a router, said method comprising the steps of:
- receiving a data message from a customer edge router, said data message sent from a source customer computer addressed to a destination customer computer, said source customer computer and said destination customer computer located within a common virtual private network (VPN);
- receiving a reachability message from a provider router, said reachability message giving a route to said destination customer computer and including a VPN ID that identifies the destination computer as being within the common VPN; and
- forwarding said data message with a tag written in said data message, said tag to designate said VPN.
15. A method comprising:
- receiving a data message from a customer edge router, said data message sent from a source customer computer addressed to a destination customer computer, said source customer computer and said destination customer computer located within a common virtual private network (VPN);
- receiving a reachability message from a provider router, said reachability message giving a route to said destination customer computer;
- forwarding said data message with a tag written in said data message, said tag to designate said VPN;
- receiving a second reachability message from a provider router, said second reachability message giving a route to an external computer having the same address as said destination customer computer, said external computer located in a second VPN other than said VPN of said destination customer computer, wherein said tag is used to distinguish between said VPN of said destination customer computer and said second VPN.
(Dependent claims: 16, 17, 18, 19, 20)
21. A method for use in a router, said method comprising the steps of:
- receiving a data message from a first customer edge router, said data message sent from a source customer computer addressed to a destination customer computer, said source customer computer and said destination customer computer located in separate virtual private networks (VPNs);
- receiving a reachability message from a provider router, said reachability message giving a route to said destination customer computer and including a VPN ID that identifies the destination computer as being within a separate VPN from the source customer computer; and
- forwarding said data message with a tag written in said data message, said tag to designate a second customer edge router located within the same VPN as said destination customer computer, said customer edge router used for receiving incoming data messages from outside said VPN of said destination customer computer.
(Dependent claims: 22)
23. A router, comprising:
- means for receiving a data message sent from a customer edge router, said data message from a source customer computer addressed to a destination customer computer, said source customer computer and said destination customer computer located within a common virtual private network (VPN);
- means for receiving a reachability message from a provider router, said reachability message giving a route to said destination customer computer and including a VPN ID that identifies the destination computer as being within the common VPN; and
- means for forwarding said data message with a tag written in said data message, said tag to designate said VPN.
24. A computer readable media including software for execution on a processor, the software when executed operable to:
- receive a data message from a customer edge router, said data message sent from a source customer computer addressed to a destination customer computer, said source customer computer and said destination customer computer located within a common virtual private network (VPN);
- receive a reachability message from a provider router, said reachability message giving a route to said destination customer computer;
- forward said data message with a tag written in said data message, said tag to designate said VPN; and
- receive a second reachability message from a provider router, said second reachability message giving a route to an external computer having the same address as said destination customer computer, said external computer located in a second VPN other than said VPN of said destination customer computer, wherein said tag is used to distinguish between said VPN of said destination customer computer and said second VPN.
Specification