Router for virtual private network employing tag switching
Abstract
A service provider's routers (PE1, P1, P2, PE2) provide connections between and share routing information with routers (CE1, CE2) of a customer virtual private network (VPN) as well as routers of other customers' VPNs, which may have overlapping address spaces. A service provider's edge router (PE1) informed by the customer's router (CE1) that it will forward packets to a given prefix notifies the other edge router (PE2) that PE1 can forward packets to that address prefix if the destination is in the VPN to which CE1 belongs. PE1 also tells PE2 to tag any thus-destined packets with a particular tag T3. PE2 stores this information in a forwarding information base that it separately keeps for that VPN so that when PE2 receives from a router CE2 in the same VPN a packet whose destination address has that prefix, it tags the packet as requested. But PE2 also tags it with a tag T2 that the router P2 to which PE2 first sends it has asked PE2 to apply to packets to be sent to PE1. P2 routes the packet in accordance with T2, sending it to P1 after replacing T2 with a tag T1 that P1 has similarly asked P2 to use. P1 removes T1 from the packet and forwards it in accordance with T1 to PE1, which in turn removes T3 from the packet and forwards it in accordance with T3 to CE1. In this manner, only the edge routers need to maintain separate routing information for separate VPNs.
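The tag handling in the abstract can be traced hop by hop. The following Python simulation is an added example, not code from the patent; the tags T1/T2/T3 and the router names come from the abstract, while the prefix 10.1.0.0/16, the VPN names and the second customer (CE2-B, CE1-B, tag T9) are assumptions made to show two VPNs with overlapping address spaces.

```python
# Constructed simulation of the abstract's path: CE2 -> PE2 -> P2 -> P1 -> PE1 -> CE1.
# T1/T2/T3 and router names are from the abstract; prefixes, VPN names, T9 and
# the "-B" customer are hypothetical values chosen for this example.
import ipaddress

# PE2 keeps one forwarding information base per VPN, selected by the ingress
# channel (which CE sent the packet), never by the destination address alone.
PE2_CHANNEL_VPN = {"CE2": "VPN-A", "CE2-B": "VPN-B"}
PE2_VPN_FIB = {
    "VPN-A": {"10.1.0.0/16": ("PE1", "T3")},  # PE1 asked for T3 on this prefix
    "VPN-B": {"10.1.0.0/16": ("PE1", "T9")},  # same prefix, other VPN (hypothetical)
}
PE2_TAG_TO_EGRESS_PE = {"PE1": ("P2", "T2")}  # tag P2 asked PE2 to use toward PE1
# Transit routers hold only tag tables: no customer prefixes, no VPN state.
TRANSIT = {"P2": {"T2": ("swap", "T1", "P1")}, "P1": {"T1": ("pop", None, "PE1")}}
PE1_EGRESS = {"T3": "CE1", "T9": "CE1-B"}     # inner tag -> egress channel

def pe2_ingress(channel, dst):
    """Select the VPN's FIB by ingress channel, longest-prefix match, push both tags."""
    fib = PE2_VPN_FIB[PE2_CHANNEL_VPN[channel]]
    addr = ipaddress.ip_address(dst)
    matches = [p for p in fib if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{dst} is not reachable in this VPN")  # no fall-through to another VPN
    best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
    egress_pe, inner = fib[best]
    next_hop, outer = PE2_TAG_TO_EGRESS_PE[egress_pe]
    return next_hop, {"tags": [outer, inner], "dst": dst}  # top of stack first

def forward(channel, dst):
    """Return (per-hop tag stacks, final egress channel) for a packet entering PE2."""
    router, pkt = pe2_ingress(channel, dst)
    trace = [("PE2", list(pkt["tags"]))]
    while router in TRANSIT:
        # Transit decision uses the top tag only; pkt["dst"] is never consulted.
        action, new_tag, next_hop = TRANSIT[router][pkt["tags"][0]]
        pkt["tags"] = ([new_tag] if action == "swap" else []) + pkt["tags"][1:]
        trace.append((router, list(pkt["tags"])))
        router = next_hop
    inner = pkt["tags"].pop(0)  # PE1 removes the VPN tag and picks the egress channel
    return trace, PE1_EGRESS[inner]

if __name__ == "__main__":
    for hop, tags in forward("CE2", "10.1.2.3")[0]:
        print(hop, "sends with tags", tags)
```

The same destination address entering from CE2-B resolves to a different inner tag and egress channel, which is the isolation property the per-VPN forwarding information base provides.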
27 Claims
1. A method for operating a provider edge router, comprising:
receiving a data packet by the provider edge router from a first customer edge router of a customer network, the data packet associated with a particular virtual private network (VPN) of the customer network;
creating a header for forwarding the data packet, the header containing a first tag and a second tag, the first tag to be read by a provider transit router, the first tag indicating a next-hop on a path through a provider network to a second provider edge router, and the second tag to be read by the second provider edge router, the second tag indicating an egress channel of the second provider edge router providing access to a second customer edge router that is part of the VPN; and
forwarding the data packet with the header to the provider transit router so that the provider transit router can forward the data packet toward the second provider edge router in response to the first tag, and the second provider edge router can forward the data packet to the second customer edge router in response to the second tag.
Dependent claims: 2, 3, 4, 12, 13, 14
5. A method for operating a system of routers, comprising:
receiving at a first provider edge router a data packet from a first customer edge router of a customer network, the data packet associated with a particular virtual private network (VPN) of the customer network;
creating a header by the first provider edge router for forwarding the data packet, the header containing a first tag and a second tag, the first tag to be read by a provider transit router, the first tag indicating a next-hop on a route through the provider network to a second provider edge router, and the second tag to be read by a second provider edge router, the second tag indicating a particular egress channel of the second provider edge router providing access to a second customer edge router that is part of the VPN;
forwarding the data packet with the header to the provider transit router;
reading the first tag by the provider transit router, and forwarding the data packet in response to the first tag, on the route to the second provider edge router; and
reading the second tag by the second provider edge router, and forwarding the data packet by the second provider edge router in response to the second tag to a second customer edge router.
Dependent claims: 6, 7, 8, 9, 10, 11
15. A method for operating a router, comprising:
receiving a data packet from a provider router, the data packet having a header, the data packet associated with a particular virtual private network (VPN) of a customer network;
reading a first tag and a second tag from the header;
deciding, in response to the first tag and the second tag, whether the router is a provider transit router or a provider edge router;
routing the data packet, in the event that the decision is that the router is a provider transit router, to a downstream provider router in response to the first tag; and
routing the data packet, in the event that the decision is that the router is a provider edge router, to a particular egress channel that leads to a downstream customer edge router that is part of the VPN in response to the second tag.
Dependent claims: 16, 17, 18, 19
20. A method for operating an edge router of a provider network comprising:
receiving a data packet from a router of a customer network associated with a virtual private network (VPN), the data packet including a destination address field that specifies an address of a node in another portion of the customer network also associated with the VPN, the other portion of the customer network accessible through the provider network;
making a routing decision based on the contents of the data packet's destination address field and the router of the customer network the data packet is received from, the routing decision determining a path through the provider network to an egress edge router that provides access to the other portion of the customer network;
adding to the data packet an internal-routing field that includes a first tag and a second tag, the first tag to indicate a next hop along the path to the egress edge router, and the second tag to indicate a particular egress channel of the egress edge router that leads to the node in another portion of the customer network also associated with the VPN;
indicating in the data packet that any routers along the path through the provider network to the egress edge router are to make routing decisions based on the internal-routing field without reference to the destination address field; and
forwarding the data packet.
Dependent claims: 21, 22
23. A system comprising:
an edge router of a provider network configured to receive a data packet from a router of a customer network associated with a virtual private network (VPN), the data packet including a destination address field that specifies an address of a node in another portion of the customer network that is also associated with the VPN, the other portion of the customer network accessible through the provider network, the edge router configured to determine a path through the provider network to an egress edge router that provides access to the other portion of the customer network, the path determined based upon the data packet's destination address field and the router of the customer network the data packet is received from, the edge router to add to the data packet an internal-routing field that includes a first tag and a second tag that describe the path;
a transit router of the provider network configured to receive the data packet and to make a next-hop routing decision based on the first tag of the internal-routing field, without reference to the destination address field, the transit router further configured to generate a new value for the first tag and to update the first tag with this new value before forwarding the data packet; and
an egress edge router of the provider network configured to receive the data packet and to select a particular egress channel based on the second tag, the egress channel to lead to the node in another portion of the customer network also associated with the VPN.
Dependent claims: 24, 25, 26, 27
Specification