US20070112975A1 - Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks - Google Patents

Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks Download PDF

Info

Publication number
US20070112975A1
US20070112975A1 US11/652,359 US65235907A US2007112975A1 US 20070112975 A1 US20070112975 A1 US 20070112975A1 US 65235907 A US65235907 A US 65235907A US 2007112975 A1 US2007112975 A1 US 2007112975A1
Authority
US
United States
Prior art keywords
address
network
address space
traffic
tunnel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/652,359
Inventor
Christian Cassar
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US11/652,359 priority Critical patent/US20070112975A1/en
Publication of US20070112975A1 publication Critical patent/US20070112975A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/16Multipoint routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/64Routing or path finding of packets in data switching networks using an overlay routing layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/668Internet protocol [IP] address subnets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses

Definitions

  • This invention generally relates to the field of internetworking in data communications.
  • the invention relates more specifically to redirecting network traffic through a multipoint tunnel overlay network using distinct IP address spaces for the overlay and transport networks.
  • An internet comprises a plurality of sites attached to a common network known as a backbone. Traffic between sites is routed from the source to a destination via nodes of the network. The traffic may be switched at the nodes based on the destination address. Alternatively, the traffic may be switched based on a header that is pre-pended to the original traffic such that some intermediate routing nodes have no knowledge of the final destination address.
  • This latter approach is known as tunneling and one well-known use of this approach is in the provision of virtual private networks (VPNs). This application of tunneling will be used to exemplify the invention but the invention is not intended to be limited to this area of application.
  • VPNs virtual private networks
  • the Internet Engineering Task Force (IETF) was set up to establish internet protocols.
  • the IETF RFC2547 (March 1999) deals with the provision of VPN services by a service provider.
  • CE Customer Edge
  • PE Provider Edge
  • the service provider's network comprises the PE routers and as well as other routers (P routers) that are not attached to CE devices.
  • PE Provider-Edge routers
  • IP “tunnels” which can be used to transport traffic across a service provider network. This idea was proposed by Eric Rosen and Yakov Rekhter in their IETF proposal entitled “Use of PE-PE GRE or IP in RFC2547 VPNs” (available from the IETF website and found at http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-gre-ip-2547-01.txt).
  • each PE router maintains a number of forwarding tables. Each site to which the PE is attached is mapped to one of the forwarding tables. On receipt of a packet from a site, the forwarding table for that site is consulted to determine the route for the packet. Once a PE learns of a site that is reachable from a new site, this information is distributed to all the other PE routers to which the PE router is attached, for instance by using a protocol such as BGP (Border Gateway Protocol). The PE routers update their forwarding tables in response.
  • BGP Border Gateway Protocol
  • PE routers exchange VPNv4 routes using BGP.
  • a PE router receives enough information in a VPNv4 update so as to determine that traffic received at a router, destined to some prefix P/m, should be tunneled to a destination N′.
  • a PE router receiving this information must set up its forwarding path to do just this.
  • IP based tunneling from one PE to another may be used as proposed in the Rosen/Rekhter draft referred to above.
  • a logical IP tunnel network makes the endpoints of the tunnel, i.e. the PE routers, immediately adjacent at the internetwork layer-layer 3 .
  • an overlay network is used to represent the direct path taken by tunneled traffic. This overlay network is accessed by a PE router through a logical tunnel interface.
  • N′ is an address on the tunnel overlay network and such that N is the tunnel address of a PE router reachable at N′ on the transport network.
  • an IP route of the form “P/m via N reachable through tunnel interface” is set up.
  • the use of a tunnel interface and a tunnel overlay network allow routes in a routing table to prescribe how traffic should be routed without introducing exceptions for tunneled as opposed to forwarded traffic.
  • the tunnel interface identifies that tunnel encapsulation must be imposed and N identifies which tunnel endpoint should be used.
  • the PE router When a routing update for the prefix P/m is received, the PE router needs to install the prefix P/m in the appropriate routing and forwarding table. A route lookup in this table for a destination covered by this prefix P/m should return the appropriate next hop/interface to which to dispatch the packet. To enable traffic to be transported over the tunnel overlay (i.e. tunneled through the transport network) to the remote PE, the route lookup must return a next hop on the overlay tunnel network.
  • the prefix 100.4.4.0/24 with next hop N must resolve through the connected tunnel network in order to ensure that traffic to 100.4.4.0/24 is tunneled through the transport network.
  • Linking 100.4.4.0/24 to a next hop N on the tunnel interface completes the forwarding setup for traffic sent to 100.4.4.0/24.
  • the IP address N on the tunnel would then have to be resolved to an underlying IP address of the router (123.1.1.4 in the example shown in FIG. 1 ) so that the outer IP header imposed when tunneling through the transport network can be populated appropriately and traffic can be tunneled to the destination through the transport network.
  • This process is analogous to resolving an IP next hop address to a MAC address using ARP on an Ethernet interface.
  • the disadvantages of this solution include: the need to use an address resolution protocol to provide the mapping between the IP address of the tunnel endpoint in the overlay network and the underlying transport address; and the allocation of address space by a service provider for the tunnel network such that all tunnel endpoints are provided with unique addresses, which are distinct from those of the transport network.
  • Address allocation and address resolution become more challenging if multiple service providers coordinate to provide the tunnel overlay network.
  • the overlay network is shared amongst all service providers and every router on the end of a tunnel is adjacent to every other one. Coordinating addressing and address resolution on the overlay network in such a case is more complicated if all addresses need to be unique amongst the set of addresses on the overlay AND the transport network.
  • a method for directing traffic across a network On receipt of traffic for a destination address in a network, there is looked up in a first address space information as to how traffic for the destination is to be forwarded, the information including a specified node N. There is then looked up in the second address space an address of the specified node N, the address of the node N in the second address space being related to an address in the first address space. For traffic that is to be tunneled to a specified node, the traffic is encapsulated in a header including the address specified in the first address space that is related to the address in the second address space.
  • the address in the second address space is preferably numerically identical to the related address in the first address space.
  • the related address in the first address space may be a link layer IP address corresponding to the internetwork layer IP address of a tunnel endpoint in the second address space.
  • a multipoint tunnel network may be defined in the second address space.
  • a routing protocol update may be used to distribute routing information between nodes of the network. This may take the form of an advertised next hop in a routing protocol update, the receipt of which triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
  • the IP address in the second address space is an internetwork layer IP address and the IP address in the first address space is a link layer IP address
  • a plurality of second address spaces may be provided, corresponding to the definition of multiple tunnels.
  • a router for directing traffic on a network, the router comprising a first address space including information relating to a destination address and information relating to forwarding of traffic for the destination address and a second address space including information relating to tunnel endpoint addresses.
  • a tunnel endpoint address in the second address space is related to the forwarding information in the first address space.
  • All addresses in the second address space may be directly connected to a multi-point tunnel network.
  • the addresses in the second address space thus define a multi-point tunnel network.
  • the tunnel endpoint address in the second address space is preferably numerically identical to the address in the first address space.
  • the address in the first address space may be a link layer IP address and the tunnel endpoint address in the second address space may be an internetwork layer IP address.
  • a routing protocol update may be used to distribute routing information between nodes of the network.
  • the receipt of an advertised next hop in a routing protocol update triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
  • a plurality of second address spaces may be provided, corresponding to the definition of multiple tunnels.
  • a router for directing traffic via a network comprises a first address space for storing information received from nodes of the network.
  • the information indicates a destination address and information as to how traffic for the destination address is to be forwarded via a specified node of the network.
  • a second address space stores information relating to how traffic is to be tunneled to a node of the network, the information indicating a destination address.
  • the destination address in the second address space is related to an address of the specified node in the first address space.
  • the router On receipt of routing information for the destination, the router re-directs the traffic for the destination by changing the address space of the next node from the first address space to the second address space.
  • a method of creating a virtual private network via one or more networks owned by one or more internet service providers comprises receiving information at a first node of the network that traffic for a destination is to the tunneled via a second node of the network.
  • the information indicates that the traffic for the destination is to be tunneled to the node.
  • the destination is part of a virtual private network.
  • the traffic for the destination is re-directed by changing the address space of the next node from a first address space to a second address space.
  • the information may be in a routing update received via the network.
  • a method of redirecting traffic to be tunneled across a network comprises deriving a link layer IP address of a multipoint tunnel endpoint from an internetwork layer IP address by making the link layer address numerically equivalent to the internetwork layer address, the link layer address being in a first address space distinct from a second address space of the internetwork address. Traffic is redirected by changing the address space of the next node from the first address space to the second address space.
  • the present invention can be used in conjunction with other mechanisms to provide a service provider with a transport mechanism based on IP tunnels for the delivery of virtual private networks.
  • FIG. 1 shows an example of a tunnel overlay network
  • FIG. 2 is a block diagram that illustrates a computer system upon which an embodiment of the invention may be implemented
  • FIG. 3 shows an example of encapsulation using MPLS Label
  • FIG. 4 shows an example of a RFC2547-based VPN using a tunnel overlay network
  • FIG. 5 shows how a tunnel address is resolved to its endpoint in accordance with the invention
  • FIG. 6 shows an example of the invention implemented using multipoint GRE tunnel/VPN
  • FIG. 7 shows an example of a network according to the invention implemented as an InterAS multipoint GRE tunnel VPN
  • FIG. 8 is a schematic representation of a first and second address space as proposed in the invention.
  • Computer system 200 includes a bus 202 or other communication mechanism for communicating information, and a processor 204 coupled with bus 202 for processing information.
  • Computer system 200 also includes a main memory 206 , such as a random access memory (RAM), flash memory, or other dynamic storage device, coupled to bus 202 for storing information and instructions to be executed by processor 204 .
  • Main memory 206 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 204 .
  • Computer system 200 further includes a read only memory (ROM) 208 or other static storage device coupled to bus 202 for storing static information and instructions for processor 204 .
  • a storage device 210 such as a magnetic disk, flash memory or optical disk, is provided and coupled to bus 202 for storing information and instructions.
  • a communication interface 218 may be coupled to bus 202 for communicating information and command selections to processor 204 .
  • Interface 218 is a conventional serial interface such as an RS-232 or RS-422 interface.
  • An external terminal 212 or other computer system connects to the computer system 200 and provides commands to it using the interface 214 .
  • Firmware or software running in the computer system 200 provides a terminal interface or character-based command interface so that external commands can be given to the computer system.
  • a switching system 216 is coupled to bus 202 and has an input interface 214 and an output interface 219 to one or more external network elements.
  • the external network elements may include a local network 222 coupled to one or more hosts 332 , or a global network such as Internet 228 having one or more servers 230 .
  • the switching system 216 switches information traffic arriving on input interface 214 to output interface 219 according to pre-determined protocols and conventions that are well known. For example, switching system 216 , in cooperation with processor 204 , can determine a destination of a packet of data arriving on input interface 214 and send it to the correct destination using output interface 219 .
  • the destinations may include host 332 ,server 230 , other end stations, or other routing and switching devices in local network 222 or Internet 228 .
  • the invention is related to the use of computer system 200 for redirecting traffic, especially tunneling traffic. According to one embodiment of the invention, this is provided by computer system 200 in response to processor 204 executing one or more sequences of one or more instructions contained in main memory 206 . Such instructions may be read into main memory 206 from another computer-readable medium, such as storage device 210 . Execution of the sequences of instructions contained in main memory 206 causes processor 204 to perform the process steps described herein. One or more processors in a multi-processing arrangement may also be employed to execute the sequences of instructions contained in main memory 206 . In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • Non-volatile media includes, for example, optical or magnetic disks, such as storage device 210 .
  • Volatile media includes dynamic memory, such as main memory 206 .
  • Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 202 . Transmission media can also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
  • Computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 204 for execution.
  • the instructions may initially be carried on a magnetic disk of a remote computer.
  • the remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
  • a modem local to computer system 200 can receive the data on the telephone line and use an infrared transmitter to convert the data to an infrared signal.
  • An infrared detector coupled to bus 202 can receive the data carried in the infrared signal and place the data on bus 202 .
  • Bus 202 carries the data to main memory 206 , from which processor 204 retrieves and executes the instructions.
  • the instructions received by main memory 206 may optionally be stored on storage device 210 either before or after execution by processor 204 .
  • Communication interface 218 also provides a two-way data communication coupling to a network link 220 that is connected to a local network 222 .
  • communication interface 218 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line.
  • ISDN integrated services digital network
  • communication interface 218 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN.
  • LAN local area network
  • Wireless links may also be implemented.
  • communication interface 218 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • Network link 220 typically provides data communication through one or more networks to other data devices.
  • network link 220 may provide a connection through local network 222 to a host computer 224 or to data equipment operated by an Internet Service Provider (ISP) 226 .
  • ISP 226 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 228 .
  • Internet 228 uses electrical, electromagnetic or optical signals that carry digital data streams.
  • the signals through the various networks and the signals on network link 220 and through communication interface 218 which carry the digital data to and from computer system 200 , are exemplary forms of carrier waves transporting the information.
  • Computer system 200 can send messages and receive data, including program code, through the network(s), network link 220 and communication interface 218 .
  • a server 230 might transmit a requested code for an application program through Internet 228 , ISP 226 , local network 222 and communication interface 218 .
  • one such downloaded application provides for tunneling as described herein.
  • the received code may be executed by processor 204 as it is received, and/or stored in storage device 210 , or other non-volatile storage for later execution. In this manner, computer system 200 may obtain application code in the form of a carrier wave.
  • the invention will be described with reference to the provision of Virtual Private Networks. However the invention is applicable to any internetworking system in which traffic is to be tunneled. Multiple service providers may cooperate and offer a joint VPN service with traffic tunneled directly from the ingress PE router at one service provider directly to the egress PE router at a different service provider. These service providers can be interconnected through non-cooperating service providers since IP packets are providing inter-PE transport for the VPN payload traffic.
  • the invention includes the use of a separate address space for the overlay network rendering address resolution trivial.
  • An overlay multi-access tunnel network is used to interconnect the PE routers (implying that only a single tunnel needs to be configured on a PE in order for the PE to be able to transport VPN traffic to all PEs).
  • a protocol such as Border Gateway Protocol (BGP) is used to distribute routing information, such as VPNv4 routing information, between PE routers. The advertised next hop in BGP VPNv4 updates may be used to trigger tunnel endpoint discovery.
  • BGP Border Gateway Protocol
  • a peer routing relationship is maintained between the service provider network and customer sites.
  • the invention also allows for the ability to provide flexible IP output features as traffic enters the overlay network using multiple address spaces for the tunnel overlay network.
  • the invention may be used by a service provider with an existing IP network to add, for example, a RFC2547 VPN service to the portfolio of services offered and not wishing to migrate the core of the network from IP forwarding to MPLS switching. It is this application that will now be considered as an exemplary embodiment of the invention.
  • Deploying the invention in support of RFC2547 VPN over IP results in a simple configuration, which is not on a per-VRF or per-remote PE basis.
  • a PE is able to use both IP tunnel and LSPs for transport of VPN traffic and this may be selectable on a per prefix basis.
  • FIG. 4 shows an example of RFC2547-based VPN using a tunnel overlay network.
  • CE Left 10 exchanges routes with PE Left 20 .
  • PE Left 20 exchanges routes with the rest of the PEs e.g. PE 22 .
  • a single routing entity is used to distribute routing information in all VPNs.
  • the routes exchanged between PE routers use a next hop address from the tunnel overlay network.
  • PE Right 22 receives routes from PE Left 20 (e.g.
  • Routers at different sites still do not exchange routes directly but only through the mutual routing peer i.e. the service provider network.
  • the function of the overlay multi-access tunnel network 30 is to provide full connectivity between PE routers so as to be able to transport all IP VPN traffic through the core.
  • the underlying transport network 40 is totally unaware of the L 3 VPN routing information.
  • the only routing information required in the transport network 40 is that required to provide full connectivity between PE routers or tunnel endpoints. No extra state needs to be maintained in these core routers in order to facilitate the transport of VPN traffic across the core.
  • By redirecting traffic through the overlay network at a PE the traffic is tunneled through the core transport network as opposed to switched.
  • the invention proposes that this redirection is achieved by changing the address space of the next hop as opposed to changing the numerical value of the next hop.
  • Routing updates can be interpreted by the receiving PE router as an instruction that a VPN prefix is reachable by tunneling to some destination as opposed to switching to the destination.
  • FIG. 5 and the example of a VPN prefix 100.4.4.0/24 advertised using BGP with a next hop of 123.1.1.4.
  • This BGP VPNv 4 update is interpreted as an instruction that a VPN prefix 100.4.4.0/24 is reachable by tunneling to 123.1.1.4.
  • This instruction is translated into a set of routing and forwarding entries such that (i) traffic received from the appropriate VRF and destined to an IP address within 100.4.4.0/24 will be tunneled to 123.1.1.4 and (ii) the routing and forwarding infrastructure set up by this instruction will not require any special handling of route updates in the control plane or of traffic in the forwarding plane.
  • Tunneling traffic from point A to point B implies that point A and point B become adjacent at the internetwork layer for the purposes of IP traffic tunneled from A to B. This fact can be modeled adequately by connecting A and B directly using a logical link and providing each router with a virtual interface onto this logical link.
  • This virtual interface takes the form of the tunnel interface.
  • Directing traffic for a prefix such as 100.4.4.0/24 out of a tunnel interface implies that traffic to 100.4.4.0/24 would be tunneled.
  • the prefix 100.4.4.0/24 will be installed so as to send traffic via a tunnel interface (either directly or as a recursive route which resolves to a prefix through a tunnel interface).
  • the BGP next hop is used as the tunnel endpoint address.
  • a PE router will receive VPNv4 BGP updates originating from a number of PE routers. All these will be interpreted to indicate that traffic should be tunneled to the PE router and not forwarded to the PE router so as to make sure that the payload traffic gets through the transport network without being inspected.
  • a PE router is expected to be able to tunnel traffic to all the other PE routers. This means that the PE-PE adjacency can be modeled through either a full mesh of point-to-point tunnels or a single multi-access network with each PE having access to this network through a single virtual interface referred to as a multipoint tunnel interface.
  • the second option is the more attractive option from a practical standpoint since it does not require multiple interfaces to be maintained.
  • a multipoint tunnel interface can be used to tunnel to multiple endpoints. Thus if a prefix is routed through the tunnel interface to this next hop, then the route would point out of a tunnel/next hop as follows;
  • N is to allow the identification of one of many tunnel endpoints to which traffic should be sent. At this point, N is known to identify the tunnel endpoint reached through 123.1.1.4. But 123.1.1.4 is not the next hop address; 123.1.1.4 is the address to tunnel to. Using Ethernet as an example, N would be the equivalent of the IP address whereas 123.1.1.4 would be the equivalent to the MAC address corresponding to the IP address N.
  • One possible solution would be to provide some tunnel address resolution mechanism and allow BGP to advertise prefixes with N as next hop.
  • the address resolution mechanism would then resolve N to 123.1.1.4 so that the forwarding tunnel adjacency could be prepared with the appropriate tunnel endpoint destination.
  • This will allow existing routing and forwarding entries in the routing and forwarding table to translate the instruction “traffic to 100.4.4.0/24 should be tunneled to 123.1.1.4 ” into action except that it would be done in two stages i.e. “traffic to 100.4.4.0/24 should be forwarded to N on Tunnel 1 , and N resolves to 123.1.1.4 ”.
  • This invention is built around the ability of a routing update to be interpreted as indicating that the prefix advertised via a next hop N in the transport network, is reachable through a next hop N which is directly connected to the tunnel network in “RiV”.
  • the internetwork address of the next hop N on the tunnel network resolves to link layer IP address N in the global routing table.
  • a tunnel overlay network in a distinct address space allows the PE router to use routing and forwarding entries exactly as they exist today to provide routing through an overlay network interconnecting PE routers without incurring the cost of having to provide a complex address resolution mechanism to resolve overlay-to-transport network addresses.
  • the IP Tunnel overlay is placed in an address space distinct from the transport network (using a VRF dedicated for this purpose and referred to as the Resolve-In VRF “RiV”). This results in number of significant advantages.
  • the act of mapping from the overlay to the transport address can be reduced to a trivial operation.
  • the overlay address is made numerically equivalent to the transport address, thus making address resolution trivial.
  • the IP address 123.1.1.4 is used as the destination IP address in the outer IP header transporting the VPN traffic across the service provider network.
  • N could be assigned 123.1.1.4 in “RiV”.
  • N signifies the tunnel address on PE 2 , and this is numerically equivalent to the tunnel endpoint destination in the transport network 123.1.1.4. It would not be correct to say that they are the same IP addresses. They are two distinct addresses by virtue of being in different address spaces. They are however numerically equivalent.
  • Another advantage of placing the tunnel overlay network in a RiV is that an operator introducing a new VPN service does not have to obtain new addresses to number the tunnel interface on each PE. Instead, an existing IP address is used and the tunnel interface is placed in the RiV. A service provider deploying a VPN service in conjunction with a number of service providers would also find this beneficial since no extra effort is required to coordinate addressing on the tunnel overlay.
  • Placing the tunnel interface in a pre-configured VRF allows the operator to shift VPN traffic across the service provider network through different tunnel interfaces with different output features applied based on attributes of the advertised prefix other than the next hop. For each such output feature set, a RiV and a corresponding tunnel would be created.
  • VPNv4 prefixes learnt from remote PE routers and which should be transported via a tunnel are identified and set to resolve via the RiV. This means that the next hop N would be looked up in the RiV in order to identify the immediate next hop where traffic should be forwarded.
  • This may be implemented through a route-map by extending the “set ip next-hop” command to “set ip next-hop in-vrf ⁇ RiV>”.
  • This route-map can be selectively applied to prefixes and peers such that only traffic to specific prefixes would be tunneled. Any prefixes not selected would be switched across the service provider network. This facility allows tunneling to be used in conjunction with switching.
  • a default route out of the tunnel interface might need to be configured if summarizing the advertised next hops of all PE routers is not possible.
  • CEF Cosmetic Express Forwarding
  • a special property of the RiV is that when a route is received which is configured to be resolved in the RiV, and such a route is resolved, this action is taken to be a tunnel endpoint discovery event and triggers the creation of a tunnel endpoint (if this endpoint has not already been created).
  • the next hop used signifies a new tunnel endpoint.
  • the tunnel endpoint database for the tunnel is updated with the new endpoint information.
  • the forwarding infrastructure for this endpoint is also prepared. In CEF, this involves the creation of an adjacency out of the tunnel interface.
  • a tunnel adjacency contains a partially precomputed encapsulation string, which is pre-pended to any packet being switched through the adjacency.
  • the tunnel used is a GRE tunnel
  • this is made up of an IP header followed by a GRE header.
  • the IP header contains the destination in the transport network that would lead to the correct tunnel endpoint. In the example below, this destination is 7B010103.
  • VPN traffic can be switched through the tunnel overlay to the remote PE routers and on to the destination.
  • CEF switching onto a tunnel can be implemented using a technique known as double or recursive switching.
  • a packet is received from a CE router, and the IP lookup in the VRF returns the tunnel adjacency, the packet is encapsulated in an IP and a GRE header retrieved from the adjacency as a string, for instance as shown in FIG. 3 .
  • the IP header contains the destination IP address from the transport network that is numerically equivalent to the IP address of the next hop on the tunnel network. This is computed when the tunnel endpoint was discovered i.e. when BGP installed the prefix in the VRF and resolved the next hop in the RiV.
  • the packet is then reinserted at the top of the ip switching path and is switched based on the contents of the transport address space towards the remote PE. At this point, the packet looks like one that originated on the PE and is destined to the remote PE and will be switched through the core as a normal IP packet.
  • the packet When the remote PE receives the packet, the packet is inspected and identified as a tunneled packet.
  • the receiving tunnel interface is a tunnel interface.
  • the tunnel and VPN header on the packet indicate the table to be used to perform the IP look up on the payload IP packet.
  • the PE router then strips of the tunnel header information (and any related header information) to reveal the original IP payload packet and then deals with the IP packet in the normal manner.
  • PE Right 22 is connected to a customer site and learns prefix 124.2.2.0/24 from the site.
  • the VRF on the interface connected to the customer site is configured with an export route-target of 100:1 and a route distinguisher of 1:1.
  • PE Right 22 advertises the VPNv4 update with a next hop of 123.1.1.2 (the transport address of PE Right).
  • PE Left 20 will interpret this as a next hop on the tunnel overlay network in the RiV.
  • PE Left will also assume that 123.1.1.2 on the tunnel overlay in the RiV can be reached by tunneling to destination 123.1.1.2 in the IP transport network 40 . This is because the IP address of the tunnel interface of PE Right is numerically equivalent to the tunnel endpoint address on the IP transport network. If PE Left 20 needs to tunnel VPN traffic to PE Right 22 , the destination address in the outer IP header should be 123.1.1.2.
  • a prefix would be selected for tunnel transport on PE Left by applying the “set ip next-hop in-vrf ⁇ my_RiV>” (where my_RiV would be a preconfigured RiV VRF) when the BGP update with the prefix is received from PE Right.
  • route map in this example matches all prefixes since no match statement is configured. This implies that all VPNv4 BGP updates will be resolved in my_RiV and use the tunnel as transport through the service provider network.
  • the filter could be more stringent and could operate by matching prefixes, communities etc so as to apply only to specific BGP updates.
  • a default VRF may be defined which refers to the same address space.
  • 123.1.1.2 is resolved by looking up the next hop in the special VRF “my_RiV”. This resolves to a next hop on the tunnel since all next hops are configured to be reachable on the tunnel network. E.g. using a default route out of the tunnel interface.
  • the action of resolving a prefix via the tunnel interface triggers tunnel endpoint discovery/creation which creates the tunnel endpoint and associated prefixes through the tunnel including the creation of a /32 prefix in a Forwarding Information Base (FIB) pointing to a tunnel adjacency to 123.1.1.2.
  • FIB Forwarding Information Base
  • the encapsulation string in the adjacency contains an outer IP header and other headers relevant to the tunneling mechanism and the VPN application e.g. the GRE header and an MPLS label.
  • the destination address in the outer IP header contains the IP Address 123.1.1.2.
  • the second IP lookup of the double switch in the forwarding path happens in the global FIB.
  • the destination IP address 123.1.1.2 indicates that the packet is destined to a local interface.
  • the protocol type is identified e.g. GRE and the interface is determined to be a tunnel interface dedicated to L 3 VPN transport.
  • the VPN label (value 22 ) is looked up in a vpn tableland is found to be associated with the VRF “customerII”. This implies that after the outer IP,tunnel and application headers have been stripped, the remaining payload will be reinserted at the top of the IP switch path.
  • An InterAS VPN service may be provided (AS here stands for Autonomous System).
  • Multihop eBGP VPNv4 updates can be exchanged using the feature that allows such updates to be propagated with unchanged next hop address.
  • VPNv4 eBGP updates are exchanged between routers in the cooperating autonomous systems. Typically, these VPNv4 eBGP updates are exchanged between route-reflectors configured with a multihop eBGP session as shown in FIG. 7 . Because the next hop can be propagated unchanged across the eBGP session as learnt from an iBGP session, the next hop will be that of the originating PE and thus the tunnel endpoint used for the advertised VPNv4 prefix will be that of the originating PE even from PE routers in the remote AS. Intermediate service providers do not need to cooperate beyond providing IP connectivity between the autonomous systems.
  • FIG. 7 shows three autonomous systems SP 1 , SP 2 and SP 3 .
  • PE 3 24 in Service Provider SP 3 This PE would advertise any prefixes learnt from CE routers using an IP address in the transport network as the next hop address. This prefix would be propagated to the route reflector in SP 3 as a VPNv4 update.
  • the route reflector would reflect the VPNv4 updates to the rest of the PE routers in SP 3 and it would also propagate the VPNv4 updates to the route reflectors in SP 1 and SP 2 .
  • the next hop would still be of an interface on PE 3 .
  • the router reflectors at SP 2 and SP 1 would in turn propagate the update to all the PE routers in those autonomous systems. So PE 2 would receive the VPNv4 prefix from PE 3 .
  • the invention is put to use by choosing to interpret the next hop address as pertaining to the RiV.
  • the advertised prefix When the advertised prefix is resolved, it turns out to be via the tunnel interface with the endpoint address resolving to the next hop address in the global routing table. All traffic destined to the prefix would be tunneled directly to the next hop advertised by PE 3 .
  • FIG. 8 shows a schematic representation of the multiple address spaces used in the invention.
  • a first address space 800 and a second address space 802 are shown.
  • the first address space 800 represents the VRF of a given node (e.g. router PE 1 ).
  • This first address space 800 includes the destination address (e.g. CE 2 , CE 3 etc.) and information as to how traffic for the destination is to be forwarded through the network (e.g. via L(my_RiV)).
  • the information relating to forwarding of traffic for the destination has an address L and an indicator (my_RiV) that tells the PE to look at address L in the second address space 802 .
  • the second address space 802 has an address (e.g. L) and interface information (e.g. on tunnel 1 ).
  • the address L is the tunneling address for traffic received at PE 1 and destined for CE 2 and indicates an address in the first address space.
  • the routing information for address L is then resolved to an address in the transport layer (e.g. L via P 1 ).
  • PE 1 On receipt of traffic destined for CE 2 , PE 1 looks up in the VRF 800 for the forwarding information for CE 2 . From VRF 800 PE 1 looks up CE 2 and finds the information “via L(my_RiV)”. In response, PE 1 looks in the address space 802 labelled my_RiV, looks up L (as given in the VRF) and finds the information “on tunnel 1 ”. PE 1 then looks in the first address space 800 to find the next hop for traffic to destination L and finds that it is P 1 .
  • PE 1 then encapsulates the traffic for CE 2 in a tunnel header that has as its destination address L (as given in (my_RiV)) and a label that indicates that it is tunneled on tunnel 1 and forwards this onto the next hop P 1 .
  • the encapsulated traffic is then forwarded to L without the payload of the traffic being examined.
  • the VRF may also include forwarding information for traffic that is not to be tunneled. For instance, as shown in FIG. 8 , traffic for CE 5 and CE 6 does not require to be tunneled. In the case of CE 5 , traffic for CE 5 is to be forwarded in a normal switched manner via address Q and Q can be reached via P 1 . This information is wholly stored within the first address space 800 . PE 1 therefore switches traffic for CE 5 with a destination node Q and this traffic is first switched to P 1 . This is also the case for destination CE 6 as shown in FIG. 8 , where traffic for CE 6 is via node R and is switched via node P 1 .
  • the VRF may contain explicit information telling the PE 1 to look in the VRF for the forwarding information (as is the case for CE 5 ) or the default address space may be set to be VRF is specified) or there is no forwarding information and the PE looks in the VPF by default for the next hop.

Abstract

A method and apparatus for redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks. In an IP implementation, redirecting traffic to be tunneled across a network comprises deriving the transport IP address of a multipoint tunnel endpoint from the network IP address by making the transport address numerically equivalent to the network address, the transport address being in an address space distinct from the address space of the network address. Traffic is redirected by changing the address space of the next hop in a received routing advertisement.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application is a divisional of U.S. patent application Ser. No. 10/270,409 filed Oct. 2, 2002 which is incorporated herein by reference as fully set forth herein, under 35 U.S.C. §120.
    • FIELD OF THE INVENTION
  • This invention generally relates to the field of internetworking in data communications. The invention relates more specifically to redirecting network traffic through a multipoint tunnel overlay network using distinct IP address spaces for the overlay and transport networks.
    • BACKGROUND OF THE INVENTION
  • The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
  • An internet comprises a plurality of sites attached to a common network known as a backbone. Traffic between sites is routed from the source to a destination via nodes of the network. The traffic may be switched at the nodes based on the destination address. Alternatively, the traffic may be switched based on a header that is pre-pended to the original traffic such that some intermediate routing nodes have no knowledge of the final destination address. This latter approach is known as tunneling and one well-known use of this approach is in the provision of virtual private networks (VPNs). This application of tunneling will be used to exemplify the invention but the invention is not intended to be limited to this area of application.
  • The Internet Engineering Task Force (IETF) was set up to establish internet protocols. The IETF RFC2547 (March 1999) deals with the provision of VPN services by a service provider. At each site, there are one or more Customer Edge (CE) devices, each of which is attached via a data link (e.g. Ethernet, PPP, ATM, GRE tunnel etc.) to one or more Provider Edge (PE) routers. The service provider's network comprises the PE routers and as well as other routers (P routers) that are not attached to CE devices. When a service provider deploys an RFC2547-based VPN service, VPN traffic is transported across the core network between Provider-Edge routers (PE). This may be done by the use of IP “tunnels” which can be used to transport traffic across a service provider network. This idea was proposed by Eric Rosen and Yakov Rekhter in their IETF proposal entitled “Use of PE-PE GRE or IP in RFC2547 VPNs” (available from the IETF website and found at http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-gre-ip-2547-01.txt).
  • According to RFC2547, each PE router maintains a number of forwarding tables. Each site to which the PE is attached is mapped to one of the forwarding tables. On receipt of a packet from a site, the forwarding table for that site is consulted to determine the route for the packet. Once a PE learns of a site that is reachable from a new site, this information is distributed to all the other PE routers to which the PE router is attached, for instance by using a protocol such as BGP (Border Gateway Protocol). The PE routers update their forwarding tables in response.
  • PE routers exchange VPNv4 routes using BGP. A PE router receives enough information in a VPNv4 update so as to determine that traffic received at a router, destined to some prefix P/m, should be tunneled to a destination N′. A PE router receiving this information must set up its forwarding path to do just this. IP based tunneling from one PE to another may be used as proposed in the Rosen/Rekhter draft referred to above. A logical IP tunnel network makes the endpoints of the tunnel, i.e. the PE routers, immediately adjacent at the internetwork layer-layer 3. Thus, an overlay network is used to represent the direct path taken by tunneled traffic. This overlay network is accessed by a PE router through a logical tunnel interface.
  • If traffic to P/m needs to be tunneled to some destination N′ (N′ being in the transport network), then the route to P/m is via N where N is an address on the tunnel overlay network and such that N is the tunnel address of a PE router reachable at N′ on the transport network.
  • In other words, for traffic to P/m to be tunneled to N′, an IP route of the form “P/m via N reachable through tunnel interface” is set up. The use of a tunnel interface and a tunnel overlay network allow routes in a routing table to prescribe how traffic should be routed without introducing exceptions for tunneled as opposed to forwarded traffic. The tunnel interface identifies that tunnel encapsulation must be imposed and N identifies which tunnel endpoint should be used.
  • When a routing update for the prefix P/m is received, the PE router needs to install the prefix P/m in the appropriate routing and forwarding table. A route lookup in this table for a destination covered by this prefix P/m should return the appropriate next hop/interface to which to dispatch the packet. To enable traffic to be transported over the tunnel overlay (i.e. tunneled through the transport network) to the remote PE, the route lookup must return a next hop on the overlay tunnel network. Consider the prefix 100.4.4.0/24 advertised by PE2 to PE1 with a next hop N, as shown in FIG. 1 and targeted to be installed in a table called “customer”. Assuming the correct route-targets are associated with the VPNv4 prefix in the BGP update, 100.4.4.0/24 would be installed in the routing and forwarding tables “customer” on PE1 as shown below:
      • ccassar-72a#sh ip route vrf customer
      • B 100.4.4.0/24 [200/0] via N, 00:01:47
  • The prefix 100.4.4.0/24 with next hop N must resolve through the connected tunnel network in order to ensure that traffic to 100.4.4.0/24 is tunneled through the transport network. Linking 100.4.4.0/24 to a next hop N on the tunnel interface completes the forwarding setup for traffic sent to 100.4.4.0/24. However, in the prior art, the IP address N on the tunnel would then have to be resolved to an underlying IP address of the router (123.1.1.4 in the example shown in FIG. 1) so that the outer IP header imposed when tunneling through the transport network can be populated appropriately and traffic can be tunneled to the destination through the transport network. This process is analogous to resolving an IP next hop address to a MAC address using ARP on an Ethernet interface.
  • The disadvantages of this solution include: the need to use an address resolution protocol to provide the mapping between the IP address of the tunnel endpoint in the overlay network and the underlying transport address; and the allocation of address space by a service provider for the tunnel network such that all tunnel endpoints are provided with unique addresses, which are distinct from those of the transport network. Address allocation and address resolution become more challenging if multiple service providers coordinate to provide the tunnel overlay network. In such a case, the overlay network is shared amongst all service providers and every router on the end of a tunnel is adjacent to every other one. Coordinating addressing and address resolution on the overlay network in such a case is more complicated if all addresses need to be unique amongst the set of addresses on the overlay AND the transport network.
    • SUMMARY OF THE INVENTION
  • In accordance with the invention there is provided a method for directing traffic across a network. On receipt of traffic for a destination address in a network, there is looked up in a first address space information as to how traffic for the destination is to be forwarded, the information including a specified node N. There is then looked up in the second address space an address of the specified node N, the address of the node N in the second address space being related to an address in the first address space. For traffic that is to be tunneled to a specified node, the traffic is encapsulated in a header including the address specified in the first address space that is related to the address in the second address space.
  • The address in the second address space is preferably numerically identical to the related address in the first address space. The related address in the first address space may be a link layer IP address corresponding to the internetwork layer IP address of a tunnel endpoint in the second address space. A multipoint tunnel network may be defined in the second address space.
  • A routing protocol update may be used to distribute routing information between nodes of the network. This may take the form of an advertised next hop in a routing protocol update, the receipt of which triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space. Preferably the IP address in the second address space is an internetwork layer IP address and the IP address in the first address space is a link layer IP address
  • A plurality of second address spaces may be provided, corresponding to the definition of multiple tunnels.
  • In a second aspect of the invention there is provided a router for directing traffic on a network, the router comprising a first address space including information relating to a destination address and information relating to forwarding of traffic for the destination address and a second address space including information relating to tunnel endpoint addresses. A tunnel endpoint address in the second address space is related to the forwarding information in the first address space.
  • All addresses in the second address space may be directly connected to a multi-point tunnel network. The addresses in the second address space thus define a multi-point tunnel network.
  • The tunnel endpoint address in the second address space is preferably numerically identical to the address in the first address space. The address in the first address space may be a link layer IP address and the tunnel endpoint address in the second address space may be an internetwork layer IP address.
  • A routing protocol update may be used to distribute routing information between nodes of the network. The receipt of an advertised next hop in a routing protocol update triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
  • A plurality of second address spaces may be provided, corresponding to the definition of multiple tunnels.
  • A router for directing traffic via a network, the network including a plurality of interconnected nodes, comprises a first address space for storing information received from nodes of the network. The information indicates a destination address and information as to how traffic for the destination address is to be forwarded via a specified node of the network. A second address space stores information relating to how traffic is to be tunneled to a node of the network, the information indicating a destination address. The destination address in the second address space is related to an address of the specified node in the first address space. On receipt of routing information for the destination, the router re-directs the traffic for the destination by changing the address space of the next node from the first address space to the second address space.
  • A method of creating a virtual private network via one or more networks owned by one or more internet service providers, comprises receiving information at a first node of the network that traffic for a destination is to the tunneled via a second node of the network. The information indicates that the traffic for the destination is to be tunneled to the node. The destination is part of a virtual private network. On receipt of routing information for the destination in the virtual private network, the traffic for the destination is re-directed by changing the address space of the next node from a first address space to a second address space. The information may be in a routing update received via the network.
  • A method of redirecting traffic to be tunneled across a network comprises deriving a link layer IP address of a multipoint tunnel endpoint from an internetwork layer IP address by making the link layer address numerically equivalent to the internetwork layer address, the link layer address being in a first address space distinct from a second address space of the internetwork address. Traffic is redirected by changing the address space of the next node from the first address space to the second address space.
  • The present invention can be used in conjunction with other mechanisms to provide a service provider with a transport mechanism based on IP tunnels for the delivery of virtual private networks.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The invention will now be described further, by way of example only, with reference to the accompanying drawings, in which:
  • FIG. 1 shows an example of a tunnel overlay network;
  • FIG. 2 is a block diagram that illustrates a computer system upon which an embodiment of the invention may be implemented;
  • FIG. 3 shows an example of encapsulation using MPLS Label;
  • FIG. 4 shows an example of a RFC2547-based VPN using a tunnel overlay network;
  • FIG. 5 shows how a tunnel address is resolved to its endpoint in accordance with the invention;
  • FIG. 6 shows an example of the invention implemented using multipoint GRE tunnel/VPN;
  • FIG. 7 shows an example of a network according to the invention implemented as an InterAS multipoint GRE tunnel VPN; and
  • FIG. 8 is a schematic representation of a first and second address space as proposed in the invention.
    • DETAILED DESCRIPTION
  • A method and apparatus for redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks is described. In the following description, for the purposes of explanation, numerous specific details are set forth to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram to avoid unnecessarily obscuring the present invention.
  • To aid a reader of this specification, a summary of acronyms used herein is given below:
    • AS Autonomous System
    • BGP Border Gateway Protocol
    • CE Customer Edge Router
    • CEF Cisco Express Forwarding
    • GRE Generic Route Encapsulation
    • LSP Label Switched Path
    • MPLS Multi Protocol Label Switching
    • MSS Maximum Segment Size
    • MTU Maximum Transmission Unit
    • P Provider routers which do not connect to customer routers
    • PE Provider Edge Router
    • RiV Resolve-in VRF
    • VRF Virtual Routing and Forwarding table p FIG. 2 is a block diagram that illustrates a computer system 200 upon which an embodiment of the invention may be implemented. The preferred embodiment is implemented using one or more computer programs running on a network element such as a router device. Thus, in this embodiment, the computer system 200 is a router.
  • Computer system 200 includes a bus 202 or other communication mechanism for communicating information, and a processor 204 coupled with bus 202 for processing information. Computer system 200 also includes a main memory 206, such as a random access memory (RAM), flash memory, or other dynamic storage device, coupled to bus 202 for storing information and instructions to be executed by processor 204. Main memory 206 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 204. Computer system 200 further includes a read only memory (ROM) 208 or other static storage device coupled to bus 202 for storing static information and instructions for processor 204. A storage device 210, such as a magnetic disk, flash memory or optical disk, is provided and coupled to bus 202 for storing information and instructions.
  • A communication interface 218 may be coupled to bus 202 for communicating information and command selections to processor 204. Interface 218 is a conventional serial interface such as an RS-232 or RS-422 interface. An external terminal 212 or other computer system connects to the computer system 200 and provides commands to it using the interface 214. Firmware or software running in the computer system 200 provides a terminal interface or character-based command interface so that external commands can be given to the computer system.
  • A switching system 216 is coupled to bus 202 and has an input interface 214 and an output interface 219 to one or more external network elements. The external network elements may include a local network 222 coupled to one or more hosts 332, or a global network such as Internet 228 having one or more servers 230. The switching system 216 switches information traffic arriving on input interface 214 to output interface 219 according to pre-determined protocols and conventions that are well known. For example, switching system 216, in cooperation with processor 204, can determine a destination of a packet of data arriving on input interface 214 and send it to the correct destination using output interface 219. The destinations may include host 332,server 230, other end stations, or other routing and switching devices in local network 222 or Internet 228.
  • The invention is related to the use of computer system 200 for redirecting traffic, especially tunneling traffic. According to one embodiment of the invention, this is provided by computer system 200 in response to processor 204 executing one or more sequences of one or more instructions contained in main memory 206. Such instructions may be read into main memory 206 from another computer-readable medium, such as storage device 210. Execution of the sequences of instructions contained in main memory 206 causes processor 204 to perform the process steps described herein. One or more processors in a multi-processing arrangement may also be employed to execute the sequences of instructions contained in main memory 206. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
  • The term “computer-readable medium” as used herein refers to any medium that participates in providing instructions to processor 204 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 210. Volatile media includes dynamic memory, such as main memory 206. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 202. Transmission media can also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
  • Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
  • Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 204 for execution. For example, the instructions may initially be carried on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 200 can receive the data on the telephone line and use an infrared transmitter to convert the data to an infrared signal. An infrared detector coupled to bus 202 can receive the data carried in the infrared signal and place the data on bus 202. Bus 202 carries the data to main memory 206, from which processor 204 retrieves and executes the instructions. The instructions received by main memory 206 may optionally be stored on storage device 210 either before or after execution by processor 204.
  • Communication interface 218 also provides a two-way data communication coupling to a network link 220 that is connected to a local network 222. For example, communication interface 218 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 218 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, communication interface 218 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
  • Network link 220 typically provides data communication through one or more networks to other data devices. For example, network link 220 may provide a connection through local network 222 to a host computer 224 or to data equipment operated by an Internet Service Provider (ISP) 226. ISP 226 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 228. Local network 222 and Internet 228 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 220 and through communication interface 218, which carry the digital data to and from computer system 200, are exemplary forms of carrier waves transporting the information.
  • Computer system 200 can send messages and receive data, including program code, through the network(s), network link 220 and communication interface 218. In the Internet example, a server 230 might transmit a requested code for an application program through Internet 228, ISP 226, local network 222 and communication interface 218. In accordance with the invention, one such downloaded application provides for tunneling as described herein.
  • The received code may be executed by processor 204 as it is received, and/or stored in storage device 210, or other non-volatile storage for later execution. In this manner, computer system 200 may obtain application code in the form of a carrier wave.
  • The invention will be described with reference to the provision of Virtual Private Networks. However the invention is applicable to any internetworking system in which traffic is to be tunneled. Multiple service providers may cooperate and offer a joint VPN service with traffic tunneled directly from the ingress PE router at one service provider directly to the egress PE router at a different service provider. These service providers can be interconnected through non-cooperating service providers since IP packets are providing inter-PE transport for the VPN payload traffic.
  • The invention includes the use of a separate address space for the overlay network rendering address resolution trivial. An overlay multi-access tunnel network is used to interconnect the PE routers (implying that only a single tunnel needs to be configured on a PE in order for the PE to be able to transport VPN traffic to all PEs). A protocol, such as Border Gateway Protocol (BGP), is used to distribute routing information, such as VPNv4 routing information, between PE routers. The advertised next hop in BGP VPNv4 updates may be used to trigger tunnel endpoint discovery. A peer routing relationship is maintained between the service provider network and customer sites. The invention also allows for the ability to provide flexible IP output features as traffic enters the overlay network using multiple address spaces for the tunnel overlay network.
  • The invention may be used by a service provider with an existing IP network to add, for example, a RFC2547 VPN service to the portfolio of services offered and not wishing to migrate the core of the network from IP forwarding to MPLS switching. It is this application that will now be considered as an exemplary embodiment of the invention.
  • Deploying the invention in support of RFC2547 VPN over IP results in a simple configuration, which is not on a per-VRF or per-remote PE basis. A PE is able to use both IP tunnel and LSPs for transport of VPN traffic and this may be selectable on a per prefix basis.
  • The peer relationship between customer sites and the service provider network is retained (contrary to what might be assumed because of the introduction of the overlaid IP tunnel network). The PE routers are interconnected through a multi-access overlay network but the routing relationship from the CE remains with the PE and is not with the remote CE. FIG. 4 shows an example of RFC2547-based VPN using a tunnel overlay network. In FIG. 4, CE Left 10 exchanges routes with PE Left 20. PE Left 20 exchanges routes with the rest of the PEs e.g. PE 22. A single routing entity is used to distribute routing information in all VPNs. The routes exchanged between PE routers use a next hop address from the tunnel overlay network. PE Right 22 receives routes from PE Left 20 (e.g. via a route reflector) with a next hop address signifying a PE Left interface address connecting PE Left to the tunnel overlay network. PE Right propagates this information to CE Right 12. Routers at different sites still do not exchange routes directly but only through the mutual routing peer i.e. the service provider network.
  • The function of the overlay multi-access tunnel network 30 is to provide full connectivity between PE routers so as to be able to transport all IP VPN traffic through the core. The underlying transport network 40 is totally ignorant of the L3 VPN routing information. The only routing information required in the transport network 40 is that required to provide full connectivity between PE routers or tunnel endpoints. No extra state needs to be maintained in these core routers in order to facilitate the transport of VPN traffic across the core. By redirecting traffic through the overlay network at a PE, the traffic is tunneled through the core transport network as opposed to switched. The invention proposes that this redirection is achieved by changing the address space of the next hop as opposed to changing the numerical value of the next hop.
  • Routing updates such as BGP VPNv4 updates can be interpreted by the receiving PE router as an instruction that a VPN prefix is reachable by tunneling to some destination as opposed to switching to the destination. Consider now FIG. 5 and the example of a VPN prefix 100.4.4.0/24 advertised using BGP with a next hop of 123.1.1.4. This BGP VPNv4 update is interpreted as an instruction that a VPN prefix 100.4.4.0/24 is reachable by tunneling to 123.1.1.4.
  • This instruction is translated into a set of routing and forwarding entries such that (i) traffic received from the appropriate VRF and destined to an IP address within 100.4.4.0/24 will be tunneled to 123.1.1.4 and (ii) the routing and forwarding infrastructure set up by this instruction will not require any special handling of route updates in the control plane or of traffic in the forwarding plane.
  • If a BGP update is interpreted as an instruction to tunnel traffic to the BGP next hop, the VPN route cannot be installed as:
  • 100.4.4.0/24 via 123.1.1.4
  • This is because the above indicates that traffic to 100.4.4.0/24 should be forwarded to 123.1.1.4.
  • Tunneling traffic from point A to point B implies that point A and point B become adjacent at the internetwork layer for the purposes of IP traffic tunneled from A to B. This fact can be modeled adequately by connecting A and B directly using a logical link and providing each router with a virtual interface onto this logical link.
  • This virtual interface takes the form of the tunnel interface. Directing traffic for a prefix such as 100.4.4.0/24 out of a tunnel interface implies that traffic to 100.4.4.0/24 would be tunneled. Thus, the prefix 100.4.4.0/24 will be installed so as to send traffic via a tunnel interface (either directly or as a recursive route which resolves to a prefix through a tunnel interface). The BGP next hop is used as the tunnel endpoint address.
  • A PE router will receive VPNv4 BGP updates originating from a number of PE routers. All these will be interpreted to indicate that traffic should be tunneled to the PE router and not forwarded to the PE router so as to make sure that the payload traffic gets through the transport network without being inspected. A PE router is expected to be able to tunnel traffic to all the other PE routers. This means that the PE-PE adjacency can be modeled through either a full mesh of point-to-point tunnels or a single multi-access network with each PE having access to this network through a single virtual interface referred to as a multipoint tunnel interface. The second option is the more attractive option from a practical standpoint since it does not require multiple interfaces to be maintained.
  • A multipoint tunnel interface can be used to tunnel to multiple endpoints. Thus if a prefix is routed through the tunnel interface to this next hop, then the route would point out of a tunnel/next hop as follows;
      • 100.4.4.0/24 . . . via N
      • N via Tunnel1, N
      • (. . . indicates that this would be through recursion since a BGP hop installs recursive routes)
  • Note that the purpose of N is to allow the identification of one of many tunnel endpoints to which traffic should be sent. At this point, N is known to identify the tunnel endpoint reached through 123.1.1.4. But 123.1.1.4 is not the next hop address; 123.1.1.4 is the address to tunnel to. Using Ethernet as an example, N would be the equivalent of the IP address whereas 123.1.1.4 would be the equivalent to the MAC address corresponding to the IP address N.
  • One possible solution would be to provide some tunnel address resolution mechanism and allow BGP to advertise prefixes with N as next hop. The address resolution mechanism would then resolve N to 123.1.1.4 so that the forwarding tunnel adjacency could be prepared with the appropriate tunnel endpoint destination. This will allow existing routing and forwarding entries in the routing and forwarding table to translate the instruction “traffic to 100.4.4.0/24 should be tunneled to 123.1.1.4 ” into action except that it would be done in two stages i.e. “traffic to 100.4.4.0/24 should be forwarded to N on Tunnel 1, and N resolves to 123.1.1.4 ”.
  • The approach herein however renders the address resolution mechanism trivial. By moving N into an address space “RiV” that is distinct from that of the transport network, address resolution becomes trivial. This is because the next hop on the tunnel can be configured with a numerically equivalent IP address on the tunnel network. Thus receiving a BGP update with a next hop of 123.1.1.4 means that traffic should be forwarded to a PE router with address 123.1.1.4 which is directly connected to the tunnel network. That tunnel address resolves to a transport network address of 123.1.1.4 in the address space of the transport network. The VPN route would then resolve to:
      • 100.4.4.0/24 . . . forwarded to Tunnel 1, 123.1.1.4
        where the adjacency to Tunnel 1, 123.1.1.4 in “RiV” causes traffic to be tunneled to 123.1.1.4 in the IP transport network. Tunnel overlay address-to-transport network address resolution is trivial because the IP addresses are numerically both 123.1.1.4. This is only possible because the address spaces of the tunnel overlay “RiV” and the transport network are distinct. The main benefit of the “RiV” is that it allows the tunnel address and tunnel endpoint to have the same 32-bit value for an IP address. This is illustrated in FIG. 5.
  • This invention is built around the ability of a routing update to be interpreted as indicating that the prefix advertised via a next hop N in the transport network, is reachable through a next hop N which is directly connected to the tunnel network in “RiV”. The internetwork address of the next hop N on the tunnel network resolves to link layer IP address N in the global routing table.
  • While deriving the model shown in FIG. 5 might seem a lengthy and maybe unnecessary exercise, the model attempts to avoid the need for any exception processing (e.g. next hop means “tunnel to” instead of “forward to” in some circumstances and not others).
  • In summary, a tunnel overlay network in a distinct address space allows the PE router to use routing and forwarding entries exactly as they exist today to provide routing through an overlay network interconnecting PE routers without incurring the cost of having to provide a complex address resolution mechanism to resolve overlay-to-transport network addresses.
  • According to the invention the IP Tunnel overlay is placed in an address space distinct from the transport network (using a VRF dedicated for this purpose and referred to as the Resolve-In VRF “RiV”). This results in number of significant advantages.
  • Since the IP address space of the tunnel overlay network 30 and the transport network 40 are distinct, the act of mapping from the overlay to the transport address can be reduced to a trivial operation. The overlay address is made numerically equivalent to the transport address, thus making address resolution trivial. With reference to FIG. 5, the IP address 123.1.1.4 is used as the destination IP address in the outer IP header transporting the VPN traffic across the service provider network. By providing a distinct address space, N could be assigned 123.1.1.4 in “RiV”. N signifies the tunnel address on PE2, and this is numerically equivalent to the tunnel endpoint destination in the transport network 123.1.1.4. It would not be correct to say that they are the same IP addresses. They are two distinct addresses by virtue of being in different address spaces. They are however numerically equivalent.
  • Another advantage of placing the tunnel overlay network in a RiV is that an operator introducing a new VPN service does not have to obtain new addresses to number the tunnel interface on each PE. Instead, an existing IP address is used and the tunnel interface is placed in the RiV. A service provider deploying a VPN service in conjunction with a number of service providers would also find this beneficial since no extra effort is required to coordinate addressing on the tunnel overlay.
  • Placing the tunnel interface in a pre-configured VRF allows the operator to shift VPN traffic across the service provider network through different tunnel interfaces with different output features applied based on attributes of the advertised prefix other than the next hop. For each such output feature set, a RiV and a corresponding tunnel would be created.
  • Because the RiV for a prefix is selected when the VPNv4 update is received, an operator could decide that traffic going to prefixes advertised with community A should be resolved in RiV A and are consequently transported through tunnel 1 with output feature set 1. Prefixes with community B also behind PE2 should be resolved in RiV B and consequently transported through tunnel 2 with output feature set 2. Tunnel 1 and 2 could then be configured with different output property sets 1 and 2 respectively. Note that this facility is optional and a simple deployment would only require a single tunnel and a single RiV per PE router.
  • VPNv4 prefixes learnt from remote PE routers and which should be transported via a tunnel are identified and set to resolve via the RiV. This means that the next hop N would be looked up in the RiV in order to identify the immediate next hop where traffic should be forwarded. This may be implemented through a route-map by extending the “set ip next-hop” command to “set ip next-hop in-vrf <RiV>”. This route-map can be selectively applied to prefixes and peers such that only traffic to specific prefixes would be tunneled. Any prefixes not selected would be switched across the service provider network. This facility allows tunneling to be used in conjunction with switching.
  • A default route out of the tunnel interface might need to be configured if summarizing the advertised next hops of all PE routers is not possible. After the VPNv4 prefix is installed in the customer VRF, CEF (Cisco Express Forwarding) may be used to resolve the prefix in RiV.
  • A special property of the RiV is that when a route is received which is configured to be resolved in the RiV, and such a route is resolved, this action is taken to be a tunnel endpoint discovery event and triggers the creation of a tunnel endpoint (if this endpoint has not already been created). In other words, when a prefix is installed in a customer VRF and resolves through a RiV out of a multipoint tunnel, the next hop used signifies a new tunnel endpoint. When a tunnel endpoint is discovered a number of things happen. The tunnel endpoint database for the tunnel is updated with the new endpoint information. The forwarding infrastructure for this endpoint is also prepared. In CEF, this involves the creation of an adjacency out of the tunnel interface. A tunnel adjacency contains a partially precomputed encapsulation string, which is pre-pended to any packet being switched through the adjacency. In one implementation when the tunnel used is a GRE tunnel, this is made up of an IP header followed by a GRE header. The IP header contains the destination in the transport network that would lead to the correct tunnel endpoint. In the example below, this destination is 7B010103. Below is an example of the partially pre-computed MAC string and the significance of the fields;
    mac_string -
    4500000000000000FF2FC3C87B0101017B01010300008847
    ================= IP Header ================
    45000000 00000000 FF2FC3C8 7B010101 7B010103
    Version & Header Length
    FF Time To Live
    2F Protocol indicating GRE header to follow
    C3C8 Checksum
    ... followed by source and destination 7B010101 7B010103
    ================ GRE Header ================
    00008847
  • Indicate MPLS Payload Follows
  • Once this stage is completed and the tunnel endpoint forwarding has been setup, VPN traffic can be switched through the tunnel overlay to the remote PE routers and on to the destination.
  • CEF switching onto a tunnel can be implemented using a technique known as double or recursive switching. When a packet is received from a CE router, and the IP lookup in the VRF returns the tunnel adjacency, the packet is encapsulated in an IP and a GRE header retrieved from the adjacency as a string, for instance as shown in FIG. 3. The IP header contains the destination IP address from the transport network that is numerically equivalent to the IP address of the next hop on the tunnel network. This is computed when the tunnel endpoint was discovered i.e. when BGP installed the prefix in the VRF and resolved the next hop in the RiV. Once the string has been pre-pended and the IP header total length and header checksum fields computed, the packet is then reinserted at the top of the ip switching path and is switched based on the contents of the transport address space towards the remote PE. At this point, the packet looks like one that originated on the PE and is destined to the remote PE and will be switched through the core as a normal IP packet.
  • When the remote PE receives the packet, the packet is inspected and identified as a tunneled packet. The receiving tunnel interface is a tunnel interface. The tunnel and VPN header on the packet indicate the table to be used to perform the IP look up on the payload IP packet. The PE router then strips of the tunnel header information (and any related header information) to reveal the original IP payload packet and then deals with the IP packet in the normal manner.
  • In order to clarify the description above, it is best to illustrate with an example using output collected from a prototype implementation. Consider FIG. 6. PE Right 22 is connected to a customer site and learns prefix 124.2.2.0/24 from the site. The VRF on the interface connected to the customer site is configured with an export route-target of 100:1 and a route distinguisher of 1:1. PE Right 22 advertises the VPNv4 update with a next hop of 123.1.1.2 (the transport address of PE Right). PE Left 20 will interpret this as a next hop on the tunnel overlay network in the RiV. PE Left will also assume that 123.1.1.2 on the tunnel overlay in the RiV can be reached by tunneling to destination 123.1.1.2 in the IP transport network 40. This is because the IP address of the tunnel interface of PE Right is numerically equivalent to the tunnel endpoint address on the IP transport network. If PE Left 20 needs to tunnel VPN traffic to PE Right 22, the destination address in the outer IP header should be 123.1.1.2.
  • In Cisco Internet Operating Software (IOS), a prefix would be selected for tunnel transport on PE Left by applying the “set ip next-hop in-vrf <my_RiV>” (where my_RiV would be a preconfigured RiV VRF) when the BGP update with the prefix is received from PE Right.
      • Route-map applied to neighbor:
      • neighbor 123.1.1.2 route-map ROUTE_MAP_FOR_IPVPN_ROUTES in Route-map defined:
      • route-map ROUTE_MAP_FOR_IPVPN_ROUTES permit 10 set ip next-hop in-vrf <my_RiV>
  • Note that the route map in this example matches all prefixes since no match statement is configured. This implies that all VPNv4 BGP updates will be resolved in my_RiV and use the tunnel as transport through the service provider network. The filter could be more stringent and could operate by matching prefixes, communities etc so as to apply only to specific BGP updates. Alternatively, a default VRF may be defined which refers to the same address space.
  • This results in a BGP entry as follows;
  • ccassar-72a#sh ip bgp vpnv4 vrf red 124.2.2.0
      • BGP routing table entry for 1:1:124.2.2.0/24, version 9
      • Paths: (1 available, best #1)
      • Not advertised to any peer
      • Local
      • 123.1.1.2 in “my_RiV” from 123.1.1.2 (123.1.1.2)
      • Origin incomplete, metric 0, localpref 100, valid, internal, best
      • Extended Community: RT: 100:1
        And a VRF entry;
      • ccassar-72a#sh ip route vrf red 124.2.2.0
      • Routing entry for 124.2.2.0/24
      • Known via “bgp 100”, distance 200, metric 0, type internal
      • Last update from 123.1.1.2 00:40:11 ago
      • Routing Descriptor Blocks:
      • 123.1.1.2 (my_RiV), from 123.1.1.2, 00:40:11 ago
      • Route metric is 0, traffic share count is 1
      • AS Hops 0
        And a CEF entry;
      • ccassar-72a#sh ip cef vrf red 124.2.2.0
      • 124.2.2.0/24, version 18, epoch 0
      • 0 packets, 0 bytes
      • tag information set
      • local tag: VPN-route-head
      • via 123.1.1.2, 0 dependencies, recursive
      • next hop 123.1.1.2, Tunnel1 via 123.1.1.21/32 (my_RiV)
      • valid adjacency
      • tag rewrite with Tul, 123.1.1.2, tags imposed: {22}
  • 123.1.1.2 is resolved by looking up the next hop in the special VRF “my_RiV”. This resolves to a next hop on the tunnel since all next hops are configured to be reachable on the tunnel network. E.g. using a default route out of the tunnel interface.
  • The action of resolving a prefix via the tunnel interface triggers tunnel endpoint discovery/creation which creates the tunnel endpoint and associated prefixes through the tunnel including the creation of a /32 prefix in a Forwarding Information Base (FIB) pointing to a tunnel adjacency to 123.1.1.2. The encapsulation string in the adjacency contains an outer IP header and other headers relevant to the tunneling mechanism and the VPN application e.g. the GRE header and an MPLS label. The destination address in the outer IP header contains the IP Address 123.1.1.2. The second IP lookup of the double switch in the forwarding path happens in the global FIB.
  • When the packet is received at PE Right 22, the destination IP address 123.1.1.2 indicates that the packet is destined to a local interface. The protocol type is identified e.g. GRE and the interface is determined to be a tunnel interface dedicated to L3 VPN transport. The VPN label (value 22) is looked up in a vpn tableland is found to be associated with the VRF “customerII”. This implies that after the outer IP,tunnel and application headers have been stripped, the remaining payload will be reinserted at the top of the IP switch path.
  • Another example of how the invention might fit in as one component of an overall solution that might be of interest to a service provider will now be considered.
  • Say two service providers both sell a VPN service based on IP tunnels and wish to cooperate (for instance to service a larger geographic area). An InterAS VPN service may be provided (AS here stands for Autonomous System). Multihop eBGP VPNv4 updates can be exchanged using the feature that allows such updates to be propagated with unchanged next hop address.
  • VPNv4 eBGP updates are exchanged between routers in the cooperating autonomous systems. Typically, these VPNv4 eBGP updates are exchanged between route-reflectors configured with a multihop eBGP session as shown in FIG. 7. Because the next hop can be propagated unchanged across the eBGP session as learnt from an iBGP session, the next hop will be that of the originating PE and thus the tunnel endpoint used for the advertised VPNv4 prefix will be that of the originating PE even from PE routers in the remote AS. Intermediate service providers do not need to cooperate beyond providing IP connectivity between the autonomous systems.
  • FIG. 7 shows three autonomous systems SP1, SP2 and SP3. Consider PE3 24 in Service Provider SP3. This PE would advertise any prefixes learnt from CE routers using an IP address in the transport network as the next hop address. This prefix would be propagated to the route reflector in SP3 as a VPNv4 update. The route reflector would reflect the VPNv4 updates to the rest of the PE routers in SP3 and it would also propagate the VPNv4 updates to the route reflectors in SP1 and SP2. The next hop would still be of an interface on PE3. The router reflectors at SP2 and SP1 would in turn propagate the update to all the PE routers in those autonomous systems. So PE2 would receive the VPNv4 prefix from PE3. At this point, the invention is put to use by choosing to interpret the next hop address as pertaining to the RiV. When the advertised prefix is resolved, it turns out to be via the tunnel interface with the endpoint address resolving to the next hop address in the global routing table. All traffic destined to the prefix would be tunneled directly to the next hop advertised by PE3.
  • FIG. 8 shows a schematic representation of the multiple address spaces used in the invention. A first address space 800 and a second address space 802 are shown. The first address space 800 represents the VRF of a given node (e.g. router PE1). This first address space 800 includes the destination address (e.g. CE2, CE3 etc.) and information as to how traffic for the destination is to be forwarded through the network (e.g. via L(my_RiV)).
  • The information relating to forwarding of traffic for the destination has an address L and an indicator (my_RiV) that tells the PE to look at address L in the second address space 802.
  • The second address space 802 has an address (e.g. L) and interface information (e.g. on tunnel 1). The address L is the tunneling address for traffic received at PE1 and destined for CE2 and indicates an address in the first address space.
  • In the first address space the routing information for address L is then resolved to an address in the transport layer (e.g. L via P1).
  • Considering traffic destined for CE2. On receipt of traffic destined for CE2, PE1 looks up in the VRF 800 for the forwarding information for CE2. From VRF 800 PE1 looks up CE2 and finds the information “via L(my_RiV)”. In response, PE1 looks in the address space 802 labelled my_RiV, looks up L (as given in the VRF) and finds the information “on tunnel 1”. PE1 then looks in the first address space 800 to find the next hop for traffic to destination L and finds that it is P1. PE1 then encapsulates the traffic for CE2 in a tunnel header that has as its destination address L (as given in (my_RiV)) and a label that indicates that it is tunneled on tunnel 1 and forwards this onto the next hop P1.
  • The encapsulated traffic is then forwarded to L without the payload of the traffic being examined.
  • The VRF may also include forwarding information for traffic that is not to be tunneled. For instance, as shown in FIG. 8, traffic for CE5 and CE6 does not require to be tunneled. In the case of CE5, traffic for CE5 is to be forwarded in a normal switched manner via address Q and Q can be reached via P1. This information is wholly stored within the first address space 800. PE1 therefore switches traffic for CE5 with a destination node Q and this traffic is first switched to P1. This is also the case for destination CE6 as shown in FIG. 8, where traffic for CE6 is via node R and is switched via node P1.
  • Thus, for traffic that does not require tunneling, the VRF may contain explicit information telling the PE1 to look in the VRF for the forwarding information (as is the case for CE5) or the default address space may be set to be VRF is specified) or there is no forwarding information and the PE looks in the VPF by default for the next hop.
  • In the foregoing specification, the invention has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense. For instance, the invention has been described with particular reference to VPNs. However the invention is applicable to any internetworking system in which traffic is to be tunneled and in particular to any internetworking system in which the internetwork layer IP address of a tunnel endpoint in a second address space corresponds to a numerically equivalent link layer IP address in a first address space.

Claims (17)

1. A router for directing traffic on a network, the router comprising:
a first address space including information relating to a destination address and information relating to forwarding of traffic for the destination address; and
a second address space including information relating to tunnel endpoint addresses, a tunnel endpoint address in the second address space being related to the forwarding information in the first address space.
2. A router according to claim 1, wherein all addresses in the second address space are directly connected to a multi-point tunnel network.
3. A router according to claim 1, wherein the tunnel endpoint address in the second address space is numerically identical to the address in the first address space.
4. A router according to claim 1, wherein the address in the first address space is a link layer IP address and the tunnel endpoint address in the second address space is an internetwork layer IP address.
5. A router according to claim 1, wherein a multipoint tunnel network is defined in the second address space.
6. A router according to claim 1, wherein a routing protocol update is used to distribute routing information between nodes of the network.
7. A router according to claim 1, wherein the receipt of an advertised next hop in a routing protocol update triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
8. A router according to claim 1, wherein a plurality of second address spaces are provided, corresponding to the definition of multiple tunnels.
9. A router for directing traffic via a network, the network including a plurality of interconnected nodes, the router comprising:
a first address space for storing information received from nodes of the network, the information indicating a destination address and information as to how traffic for the destination address is to be forwarded via a specified node of the network; and
a second address space for storing information relating to how traffic is to be tunneled to a node of the network, the information indicating a destination address, the destination address in the second address space being related to an address of the specified node in the first address space;
wherein on receipt of routing information for the destination, the router re-directing the traffic for the destination by changing the address space of the next node from the first address space to the second address space.
10. A method of creating a virtual private network via one or more networks owned by one or more internet service providers, the method comprising:
receiving information at a first node of the network that traffic for a destination is to the tunneled via a second node of the network, said information indicating that the traffic for the destination is to be tunneled to the node, said destination being part of a virtual private network; and
on receipt of routing information for the destination in the virtual private network, re-directing the traffic for the destination by changing the address space of the next node from a first address space to a second address space.
11. A method according to claim 10, wherein the information is in a routing update received via the network.
12. A method of redirecting traffic to be tunneled across a network, the method comprising:
deriving a link layer IP address of a multipoint tunnel endpoint from an internetwork layer IP address by making the link layer address numerically equivalent to the internetwork layer address, wherein the link layer address is in a first address space that is distinct from a second address space of the internetwork address; and
redirecting traffic by changing the address space of the next node from the first address space to the second address space.
13. A method according to claim 12, wherein information relating to a node to be directed to is received in a routing advertisement.
14. A method according to claim 13, wherein a multipoint tunnel network is defined in the second address space.
15. A method according to claim 14, wherein a routing protocol update is used to distribute routing information between nodes of the network.
16. A method according to claim 14, wherein the receipt of an advertised next hop in a routing protocol update triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
17. A method according to claim 14, wherein a plurality of second address spaces is provided, corresponding to the definition of multiple tunnels.
US11/652,359 2002-10-02 2007-01-10 Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks Abandoned US20070112975A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/652,359 US20070112975A1 (en) 2002-10-02 2007-01-10 Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/270,409 US7185107B1 (en) 2002-10-02 2002-10-02 Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks
US11/652,359 US20070112975A1 (en) 2002-10-02 2007-01-10 Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/270,409 Division US7185107B1 (en) 2002-10-02 2002-10-02 Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks

Publications (1)

Publication Number Publication Date
US20070112975A1 true US20070112975A1 (en) 2007-05-17

Family

ID=37769767

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/270,409 Expired - Fee Related US7185107B1 (en) 2002-10-02 2002-10-02 Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks
US11/652,359 Abandoned US20070112975A1 (en) 2002-10-02 2007-01-10 Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/270,409 Expired - Fee Related US7185107B1 (en) 2002-10-02 2002-10-02 Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks

Country Status (1)

Country Link
US (2) US7185107B1 (en)

Cited By (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050243839A1 (en) * 2004-04-30 2005-11-03 Alcatel Disabling mutually recursive routes
US20070288550A1 (en) * 2005-06-07 2007-12-13 Kabushiki Kaisha Toshiba Information Processing Server, Remote Control System, and Remote Control Method
US20090164835A1 (en) * 2007-12-19 2009-06-25 James Uttaro Method and system for survival of data plane through a total control plane failure
US20090190591A1 (en) * 2008-01-30 2009-07-30 Ganesh Chennimalai Sankaran Obtaining Information on Forwarding Decisions for a Packet Flow
US20100278181A1 (en) * 2004-11-16 2010-11-04 Juniper Networks, Inc. Point-to-multi-point/non-broadcasting mutli-access vpn tunnels
US20100329268A1 (en) * 2008-02-13 2010-12-30 Telefonaktiebolaget L M Ericsson (Publ) Overlay Network Node And Overlay Networks
US20110044351A1 (en) * 2009-08-19 2011-02-24 Brocade Communications Systems, Inc. Techniques for efficiently updating routing information upon shortest path tree computation
US20110069706A1 (en) * 2009-09-21 2011-03-24 Brocade Communications Systems, Inc. Techniques for next-hop optimization
US20110149979A1 (en) * 2009-12-17 2011-06-23 At&T Intellectual Property I, L.P. Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same
US20120215933A1 (en) * 2009-10-26 2012-08-23 Zte Corporation Method for performing dynamic tunnel message forwarding and switch thereof
US20120294166A1 (en) * 2011-05-20 2012-11-22 Brocade Communications Systems, Inc. Techniques for efficiently updating routing information
US8458467B2 (en) 2005-06-21 2013-06-04 Cisco Technology, Inc. Method and apparatus for adaptive application message payload content transformation in a network infrastructure element
US8606939B1 (en) * 2005-11-14 2013-12-10 Cisco Technology, Inc. Method of configuring an on-demand secure connection between a control site and a client network
US20140056300A1 (en) * 2012-08-21 2014-02-27 Futurewei Technologies, Inc. Method of Multiprotocol Label Switching Encapsulation for United Router Farm Forwarding
US20140075243A1 (en) * 2012-09-12 2014-03-13 International Business Machines Corporation Tunnel health check mechanism in overlay network
CN103873491A (en) * 2012-12-07 2014-06-18 华耀(中国)科技有限公司 VPN safe browser system and setting method
US20150215810A1 (en) * 2010-10-05 2015-07-30 Cisco Technology, Inc. System and method for offloading data in a communication system
US9197489B1 (en) 2012-03-30 2015-11-24 Amazon Technologies, Inc. Live migration of virtual machines in a hybrid network environment
US9479433B1 (en) * 2013-04-30 2016-10-25 Cisco Technology, Inc. Interconnecting virtual private networks
US9722933B2 (en) 2011-06-14 2017-08-01 Cisco Technology, Inc. Selective packet sequence acceleration in a network environment
US9928107B1 (en) 2012-03-30 2018-03-27 Amazon Technologies, Inc. Fast IP migration in a hybrid network environment
US10027589B1 (en) * 2016-06-30 2018-07-17 Juniper Network, Inc. Apparatus, system, and method for achieving redundancy and load-balancing across communication layers within networks
US10110433B2 (en) 2011-01-04 2018-10-23 Cisco Technology, Inc. System and method for exchanging information in a mobile wireless network environment
US10212076B1 (en) * 2012-12-27 2019-02-19 Sitting Man, Llc Routing methods, systems, and computer program products for mapping a node-scope specific identifier
US10313235B2 (en) * 2015-07-13 2019-06-04 Futurewei Technologies, Inc. Internet control message protocol enhancement for traffic carried by a tunnel over internet protocol networks
US10367737B1 (en) 2012-12-27 2019-07-30 Sitting Man, Llc Routing methods, systems, and computer program products
US10397100B1 (en) * 2012-12-27 2019-08-27 Sitting Man, Llc Routing methods, systems, and computer program products using a region scoped outside-scope identifier
US10397101B1 (en) * 2012-12-27 2019-08-27 Sitting Man, Llc Routing methods, systems, and computer program products for mapping identifiers
US10404583B1 (en) * 2012-12-27 2019-09-03 Sitting Man, Llc Routing methods, systems, and computer program products using multiple outside-scope identifiers
US10404582B1 (en) 2012-12-27 2019-09-03 Sitting Man, Llc Routing methods, systems, and computer program products using an outside-scope indentifier
US10411998B1 (en) * 2012-12-27 2019-09-10 Sitting Man, Llc Node scope-specific outside-scope identifier-equipped routing methods, systems, and computer program products
US10411997B1 (en) * 2012-12-27 2019-09-10 Sitting Man, Llc Routing methods, systems, and computer program products for using a region scoped node identifier
US10419335B1 (en) * 2012-12-27 2019-09-17 Sitting Man, Llc Region scope-specific outside-scope indentifier-equipped routing methods, systems, and computer program products
US10419334B1 (en) * 2012-12-27 2019-09-17 Sitting Man, Llc Internet protocol routing methods, systems, and computer program products
US10447575B1 (en) 2012-12-27 2019-10-15 Sitting Man, Llc Routing methods, systems, and computer program products
US10587505B1 (en) 2012-12-27 2020-03-10 Sitting Man, Llc Routing methods, systems, and computer program products
US20210336866A1 (en) * 2019-01-07 2021-10-28 Huawei Technologies Co., Ltd. Route Advertisement Method, Device, and System
US20210336870A1 (en) * 2019-01-07 2021-10-28 Huawei Technologies Co., Ltd. Route Recursion Control Method, Device, and System

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040258056A1 (en) * 2001-11-13 2004-12-23 Tomohiro Ishihara Provider connection system, packet exchange apparatus thereof, dns server, packet exchange method, and computer program thereof
US7457277B1 (en) * 2002-09-20 2008-11-25 Mahi Networks, Inc. System and method for network layer protocol routing in a peer model integrated optical network
US8737200B1 (en) * 2003-06-25 2014-05-27 Rockstar Consortium Us Lp MPLS/IP pseudo-wire and layer-2 virtual private network resiliency
US8074270B1 (en) * 2003-06-30 2011-12-06 Juniper Networks, Inc. Automatic configuration of network tunnels
US20050015511A1 (en) * 2003-07-02 2005-01-20 Nec Laboratories America, Inc. Accelerated large data distribution in overlay networks
US7330907B2 (en) 2003-10-02 2008-02-12 Internet Associates, Llc Methods, computer systems, and computer readable media for controlling the status of network address space
US20050086469A1 (en) * 2003-10-17 2005-04-21 Microsoft Corporation Scalable, fault tolerant notification method
US7586922B2 (en) * 2004-03-12 2009-09-08 Telefonaktiebolaget Lm Ericsson (Publ) Providing higher layer packet/frame boundary information in GRE frames
US7519079B2 (en) * 2004-09-08 2009-04-14 Telefonaktiebolaget L M Ericsson (Publ) Generic routing encapsulation over point-to-point protocol
US7894445B2 (en) * 2004-10-13 2011-02-22 Csc Holdings, Inc. Method and system for redirecting networked traffic
US20060133265A1 (en) * 2004-12-22 2006-06-22 Alcatel Virtual private networking methods and systems
US7408941B2 (en) * 2005-06-14 2008-08-05 Cisco Technology, Inc. Method for auto-routing of multi-hop pseudowires
US8595295B2 (en) * 2006-06-30 2013-11-26 Google Inc. Method and system for determining and sharing a user's web presence
US8179905B1 (en) * 2006-09-27 2012-05-15 At&T Intellectual Property Ii, L.P. Method and apparatus for providing communication for virtual private networks
WO2008063858A2 (en) * 2006-11-21 2008-05-29 Nortel Networks Limited Supporting bgp based ip-vpn in a routed network
US8929364B2 (en) * 2007-11-06 2015-01-06 Avaya Inc. Supporting BGP based IP-VPN in a routed network
US8743740B2 (en) * 2008-04-08 2014-06-03 At&T Intellectual Property I, L.P. Methods and apparatus to implement a partial mesh virtual private local area network service
US7924830B2 (en) 2008-10-21 2011-04-12 At&T Intellectual Property I, Lp System and method to route data in an anycast environment
JP5310262B2 (en) * 2009-05-27 2013-10-09 日本電気株式会社 Server apparatus, transmission system, and GRE encapsulated transfer method used therefor
US20110087789A1 (en) * 2009-10-13 2011-04-14 Nokia Corporation Subscription based network routing tables and enforcement for overlay networks
US8161190B2 (en) * 2009-12-14 2012-04-17 At&T Intellectual Property I, L.P. System and method to manage static internet protocol addresses
CN101795235B (en) * 2010-03-18 2014-03-19 中兴通讯股份有限公司 Route map treatment method and operator edge device
US8799510B2 (en) 2011-07-05 2014-08-05 Cisco Technology, Inc. Managing host routes for local computer networks with a plurality of field area routers
US9888028B2 (en) * 2013-05-03 2018-02-06 Centurylink Intellectual Property Llc Combination of remote triggered source and destination blackhole filtering
US9565034B2 (en) * 2013-12-11 2017-02-07 Cisco Technology, Inc. System and method for scalable inter-domain overlay networking
US9825777B2 (en) * 2015-06-23 2017-11-21 Cisco Technology, Inc. Virtual private network forwarding and nexthop to transport mapping scheme
US9838315B2 (en) * 2015-07-29 2017-12-05 Cisco Technology, Inc. Stretched subnet routing
US10979392B2 (en) 2017-10-19 2021-04-13 Bank Of America Corporation Preventing unauthorized access to secure enterprise information systems using a multi-filtering and randomizing control system
US10698752B2 (en) 2017-10-26 2020-06-30 Bank Of America Corporation Preventing unauthorized access to secure enterprise information systems using a multi-intercept system
US10680945B1 (en) 2018-09-27 2020-06-09 Amazon Technologies, Inc. Extending overlay networks to edge routers of a substrate network
US10958561B1 (en) * 2019-03-25 2021-03-23 Juniper Networks, Inc. Utilizing egress peer engineering to determine optimized traffic plans and to implement an optimized traffic plan
US11444804B2 (en) 2019-11-21 2022-09-13 Oracle International Corporation System and method for preventing switch loops in layer-2 networks
US11463276B2 (en) 2019-11-21 2022-10-04 Oracle International Corporation System and method for providing a multi-dimensional ring-lattice network topology
CN113630300B (en) * 2020-05-09 2023-08-08 华为技术有限公司 Method and node for message transmission

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020032871A1 (en) * 2000-09-08 2002-03-14 The Regents Of The University Of Michigan Method and system for detecting, tracking and blocking denial of service attacks over a computer network
US20020080819A1 (en) * 2000-10-30 2002-06-27 Shiao-Li Tsao Packet tunneling method in mobile data communication network
US20020133618A1 (en) * 2001-03-14 2002-09-19 Desai Bhavesh N. Tunneling system for a cable data service
US20030046587A1 (en) * 2001-09-05 2003-03-06 Satyam Bheemarasetti Secure remote access using enterprise peer networks
US20030086422A1 (en) * 2001-11-02 2003-05-08 Netvmg, Inc. System and method to provide routing control of information over networks
US20030099232A1 (en) * 2001-11-26 2003-05-29 Hideyuki Kudou Router having a function to prevent a packet sequence inversion
US20030108041A1 (en) * 2001-12-07 2003-06-12 Nortell Networks Limited Tunneling scheme optimized for use in virtual private netwoks
US6591306B1 (en) * 1999-04-01 2003-07-08 Nec Corporation IP network access for portable devices
US20030158962A1 (en) * 2002-02-21 2003-08-21 John Keane Methods and systems for resolving addressing conflicts based on tunnel information
US20040001433A1 (en) * 2001-07-18 2004-01-01 Gram Charles Andrew Interactive control of network devices
US20040030804A1 (en) * 1999-03-12 2004-02-12 Nortel Networks Limited Multi-cast enabled address resolution protocol (ME-ARP)
US20040047322A1 (en) * 2002-04-15 2004-03-11 O'neill Alan Methods and apparatus for tunneling between different addressing domains
US20040064581A1 (en) * 2002-07-11 2004-04-01 Sony Corporation Data forwarding controller communication terminal apparatus, data communication system and method, and computer program
US20050165834A1 (en) * 2001-06-08 2005-07-28 Nadeau Thomas D. Method and apparatus for controlled access of requests from virtual private network devices to managed information objects using simple network management protocol and multi-topology routing
US20050190758A1 (en) * 2004-03-01 2005-09-01 Cisco Technology, Inc. Security groups for VLANs
US20060007929A1 (en) * 2001-03-14 2006-01-12 Desai Bhavesh N Transmit and receive system for a cable data service
US7068661B1 (en) * 1999-07-13 2006-06-27 Alcatel Canada Inc. Method and apparatus for providing control information in a system using distributed communication routing
US20060288208A1 (en) * 2005-06-21 2006-12-21 Vinod Dashora Method and apparatus for adaptive application message payload content transformation in a network infrastructure element
US20070253346A1 (en) * 2006-05-01 2007-11-01 Cisco Technology, Inc. Detection of potential forwarding loops in bridged networks
US7596110B2 (en) * 2002-02-28 2009-09-29 Telefonaktiebolaget L M Ericsson (Publ) Routing in virtual private network

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040030804A1 (en) * 1999-03-12 2004-02-12 Nortel Networks Limited Multi-cast enabled address resolution protocol (ME-ARP)
US6591306B1 (en) * 1999-04-01 2003-07-08 Nec Corporation IP network access for portable devices
US7068661B1 (en) * 1999-07-13 2006-06-27 Alcatel Canada Inc. Method and apparatus for providing control information in a system using distributed communication routing
US20020032871A1 (en) * 2000-09-08 2002-03-14 The Regents Of The University Of Michigan Method and system for detecting, tracking and blocking denial of service attacks over a computer network
US20020080819A1 (en) * 2000-10-30 2002-06-27 Shiao-Li Tsao Packet tunneling method in mobile data communication network
US20060007929A1 (en) * 2001-03-14 2006-01-12 Desai Bhavesh N Transmit and receive system for a cable data service
US20020133618A1 (en) * 2001-03-14 2002-09-19 Desai Bhavesh N. Tunneling system for a cable data service
US20050165834A1 (en) * 2001-06-08 2005-07-28 Nadeau Thomas D. Method and apparatus for controlled access of requests from virtual private network devices to managed information objects using simple network management protocol and multi-topology routing
US20040001433A1 (en) * 2001-07-18 2004-01-01 Gram Charles Andrew Interactive control of network devices
US20030046587A1 (en) * 2001-09-05 2003-03-06 Satyam Bheemarasetti Secure remote access using enterprise peer networks
US20030086422A1 (en) * 2001-11-02 2003-05-08 Netvmg, Inc. System and method to provide routing control of information over networks
US20030099232A1 (en) * 2001-11-26 2003-05-29 Hideyuki Kudou Router having a function to prevent a packet sequence inversion
US20030108041A1 (en) * 2001-12-07 2003-06-12 Nortell Networks Limited Tunneling scheme optimized for use in virtual private netwoks
US20030158962A1 (en) * 2002-02-21 2003-08-21 John Keane Methods and systems for resolving addressing conflicts based on tunnel information
US7596110B2 (en) * 2002-02-28 2009-09-29 Telefonaktiebolaget L M Ericsson (Publ) Routing in virtual private network
US20040047322A1 (en) * 2002-04-15 2004-03-11 O'neill Alan Methods and apparatus for tunneling between different addressing domains
US20040064581A1 (en) * 2002-07-11 2004-04-01 Sony Corporation Data forwarding controller communication terminal apparatus, data communication system and method, and computer program
US20050190758A1 (en) * 2004-03-01 2005-09-01 Cisco Technology, Inc. Security groups for VLANs
US20060288208A1 (en) * 2005-06-21 2006-12-21 Vinod Dashora Method and apparatus for adaptive application message payload content transformation in a network infrastructure element
US20070253346A1 (en) * 2006-05-01 2007-11-01 Cisco Technology, Inc. Detection of potential forwarding loops in bridged networks

Cited By (84)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7423974B2 (en) 2004-04-30 2008-09-09 Alcatel Disabling mutually recursive routes
US20050243839A1 (en) * 2004-04-30 2005-11-03 Alcatel Disabling mutually recursive routes
US20120137358A1 (en) * 2004-11-16 2012-05-31 Juniper Networks, Inc. Point-to-multi-point/non-broadcasting multi-access vpn tunnels
US8127349B2 (en) * 2004-11-16 2012-02-28 Juniper Networks, Inc. Point-to-multi-point/non-broadcasting multi-access VPN tunnels
US20100278181A1 (en) * 2004-11-16 2010-11-04 Juniper Networks, Inc. Point-to-multi-point/non-broadcasting mutli-access vpn tunnels
US8631087B2 (en) * 2005-06-07 2014-01-14 Kabushiki Kaisha Toshiba Information processing server, remote control system, and remote control method using a tunnel to determine a service on another network and executing the service without using the tunnel
US20070288550A1 (en) * 2005-06-07 2007-12-13 Kabushiki Kaisha Toshiba Information Processing Server, Remote Control System, and Remote Control Method
US8458467B2 (en) 2005-06-21 2013-06-04 Cisco Technology, Inc. Method and apparatus for adaptive application message payload content transformation in a network infrastructure element
US8606939B1 (en) * 2005-11-14 2013-12-10 Cisco Technology, Inc. Method of configuring an on-demand secure connection between a control site and a client network
US8667174B2 (en) 2007-12-19 2014-03-04 At&T Intellectual Property I, L.P. Method and system for survival of data plane through a total control plane failure
US20090164835A1 (en) * 2007-12-19 2009-06-25 James Uttaro Method and system for survival of data plane through a total control plane failure
US8396988B2 (en) * 2007-12-19 2013-03-12 At&T Intellectual Property I, L.P. Method and system for survival of data plane through a total control plane failure
US7817636B2 (en) * 2008-01-30 2010-10-19 Cisco Technology, Inc. Obtaining information on forwarding decisions for a packet flow
US20090190591A1 (en) * 2008-01-30 2009-07-30 Ganesh Chennimalai Sankaran Obtaining Information on Forwarding Decisions for a Packet Flow
US20100329268A1 (en) * 2008-02-13 2010-12-30 Telefonaktiebolaget L M Ericsson (Publ) Overlay Network Node And Overlay Networks
US8817595B2 (en) * 2008-02-13 2014-08-26 Telefonaktiebolaget L M Ericsson (Publ) Overlay network node and overlay networks
US9106512B2 (en) 2009-08-19 2015-08-11 Brocade Communications Systems, Inc. Techniques for efficiently updating routing information upon shortest path tree computation
US8565247B2 (en) 2009-08-19 2013-10-22 Brocade Communications Systems, Inc. Techniques for efficiently updating routing information upon shortest path tree computation
US20110044351A1 (en) * 2009-08-19 2011-02-24 Brocade Communications Systems, Inc. Techniques for efficiently updating routing information upon shortest path tree computation
US20110069706A1 (en) * 2009-09-21 2011-03-24 Brocade Communications Systems, Inc. Techniques for next-hop optimization
US8873563B2 (en) 2009-09-21 2014-10-28 Brocade Communications Systems, Inc. Techniques for next-hop optimization
US20120215933A1 (en) * 2009-10-26 2012-08-23 Zte Corporation Method for performing dynamic tunnel message forwarding and switch thereof
US9088498B2 (en) * 2009-12-17 2015-07-21 At&T Intellectual Property I, L.P. Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same
US8761185B2 (en) * 2009-12-17 2014-06-24 At&T Intellectual Property I, L.P. Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same
US20110149979A1 (en) * 2009-12-17 2011-06-23 At&T Intellectual Property I, L.P. Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same
US20140269730A1 (en) * 2009-12-17 2014-09-18 At&T Intellectual Property I, L.P. Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same
US9973961B2 (en) * 2010-10-05 2018-05-15 Cisco Technology, Inc. System and method for offloading data in a communication system
US20150215810A1 (en) * 2010-10-05 2015-07-30 Cisco Technology, Inc. System and method for offloading data in a communication system
US10110433B2 (en) 2011-01-04 2018-10-23 Cisco Technology, Inc. System and method for exchanging information in a mobile wireless network environment
US9007918B2 (en) 2011-05-20 2015-04-14 Brocade Communications Systems, Inc. Techniques for efficiently updating routing information
US20120294166A1 (en) * 2011-05-20 2012-11-22 Brocade Communications Systems, Inc. Techniques for efficiently updating routing information
US8503464B2 (en) * 2011-05-20 2013-08-06 Brocade Communications Systems, Inc. Techniques for efficiently updating routing information
US9722933B2 (en) 2011-06-14 2017-08-01 Cisco Technology, Inc. Selective packet sequence acceleration in a network environment
US9928107B1 (en) 2012-03-30 2018-03-27 Amazon Technologies, Inc. Fast IP migration in a hybrid network environment
US9197489B1 (en) 2012-03-30 2015-11-24 Amazon Technologies, Inc. Live migration of virtual machines in a hybrid network environment
US20140056300A1 (en) * 2012-08-21 2014-02-27 Futurewei Technologies, Inc. Method of Multiprotocol Label Switching Encapsulation for United Router Farm Forwarding
US8948179B2 (en) * 2012-08-21 2015-02-03 Futurewei Technologies, Inc. Method of multiprotocol label switching encapsulation for united router farm forwarding
US20140075243A1 (en) * 2012-09-12 2014-03-13 International Business Machines Corporation Tunnel health check mechanism in overlay network
US9253061B2 (en) * 2012-09-12 2016-02-02 International Business Machines Corporation Tunnel health check mechanism in overlay network
CN103873491A (en) * 2012-12-07 2014-06-18 华耀(中国)科技有限公司 VPN safe browser system and setting method
US10411997B1 (en) * 2012-12-27 2019-09-10 Sitting Man, Llc Routing methods, systems, and computer program products for using a region scoped node identifier
US10574562B1 (en) 2012-12-27 2020-02-25 Sitting Man, Llc Routing methods, systems, and computer program products
US11784914B1 (en) 2012-12-27 2023-10-10 Morris Routing Technologies, Llc Routing methods, systems, and computer program products
US11196660B1 (en) 2012-12-27 2021-12-07 Sitting Man, Llc Routing methods, systems, and computer program products
US10212076B1 (en) * 2012-12-27 2019-02-19 Sitting Man, Llc Routing methods, systems, and computer program products for mapping a node-scope specific identifier
US11012344B1 (en) 2012-12-27 2021-05-18 Sitting Man, Llc Routing methods, systems, and computer program products
US10367737B1 (en) 2012-12-27 2019-07-30 Sitting Man, Llc Routing methods, systems, and computer program products
US10382327B1 (en) 2012-12-27 2019-08-13 Sitting Man, Llc Methods, systems, and computer program products for routing using headers including a sequence of node scope-specific identifiers
US10389624B1 (en) 2012-12-27 2019-08-20 Sitting Man, Llc Scoped identifier space routing methods, systems, and computer program products
US10389625B1 (en) 2012-12-27 2019-08-20 Sitting Man, Llc Routing methods, systems, and computer program products for using specific identifiers to transmit data
US10397100B1 (en) * 2012-12-27 2019-08-27 Sitting Man, Llc Routing methods, systems, and computer program products using a region scoped outside-scope identifier
US10397101B1 (en) * 2012-12-27 2019-08-27 Sitting Man, Llc Routing methods, systems, and computer program products for mapping identifiers
US10404583B1 (en) * 2012-12-27 2019-09-03 Sitting Man, Llc Routing methods, systems, and computer program products using multiple outside-scope identifiers
US10404582B1 (en) 2012-12-27 2019-09-03 Sitting Man, Llc Routing methods, systems, and computer program products using an outside-scope indentifier
US10411998B1 (en) * 2012-12-27 2019-09-10 Sitting Man, Llc Node scope-specific outside-scope identifier-equipped routing methods, systems, and computer program products
US10862791B1 (en) 2012-12-27 2020-12-08 Sitting Man, Llc DNS methods, systems, and computer program products
US10419335B1 (en) * 2012-12-27 2019-09-17 Sitting Man, Llc Region scope-specific outside-scope indentifier-equipped routing methods, systems, and computer program products
US10419334B1 (en) * 2012-12-27 2019-09-17 Sitting Man, Llc Internet protocol routing methods, systems, and computer program products
US10447575B1 (en) 2012-12-27 2019-10-15 Sitting Man, Llc Routing methods, systems, and computer program products
US10476788B1 (en) * 2012-12-27 2019-11-12 Sitting Man, Llc Outside-scope identifier-equipped routing methods, systems, and computer program products
US10498642B1 (en) * 2012-12-27 2019-12-03 Sitting Man, Llc Routing methods, systems, and computer program products
US10841198B1 (en) 2012-12-27 2020-11-17 Sitting Man, Llc Routing methods, systems, and computer program products
US10587505B1 (en) 2012-12-27 2020-03-10 Sitting Man, Llc Routing methods, systems, and computer program products
US10594594B1 (en) 2012-12-27 2020-03-17 Sitting Man, Llc Routing methods, systems, and computer program products
US10652134B1 (en) 2012-12-27 2020-05-12 Sitting Man, Llc Routing methods, systems, and computer program products
US10652133B1 (en) 2012-12-27 2020-05-12 Sitting Man, Llc Routing methods, systems, and computer program products
US10652150B1 (en) 2012-12-27 2020-05-12 Sitting Man, Llc Routing methods, systems, and computer program products
US10708168B1 (en) 2012-12-27 2020-07-07 Sitting Man, Llc Routing methods, systems, and computer program products
US10721164B1 (en) 2012-12-27 2020-07-21 Sitting Man, Llc Routing methods, systems, and computer program products with multiple sequences of identifiers
US10735306B1 (en) 2012-12-27 2020-08-04 Sitting Man, Llc Routing methods, systems, and computer program products
US10757020B2 (en) 2012-12-27 2020-08-25 Sitting Man, Llc Routing methods, systems, and computer program products
US10757010B1 (en) 2012-12-27 2020-08-25 Sitting Man, Llc Routing methods, systems, and computer program products
US10764171B1 (en) 2012-12-27 2020-09-01 Sitting Man, Llc Routing methods, systems, and computer program products
US10785143B1 (en) 2012-12-27 2020-09-22 Sitting Man, Llc Routing methods, systems, and computer program products
US10805204B1 (en) 2012-12-27 2020-10-13 Sitting Man, Llc Routing methods, systems, and computer program products
US9871675B2 (en) * 2013-04-30 2018-01-16 Cisco Technology, Inc. Interconnecting virtual private networks
US9479433B1 (en) * 2013-04-30 2016-10-25 Cisco Technology, Inc. Interconnecting virtual private networks
US20170005831A1 (en) * 2013-04-30 2017-01-05 Cisco Technology, Inc. Interconnecting virtual private networks
US10313235B2 (en) * 2015-07-13 2019-06-04 Futurewei Technologies, Inc. Internet control message protocol enhancement for traffic carried by a tunnel over internet protocol networks
US10027589B1 (en) * 2016-06-30 2018-07-17 Juniper Network, Inc. Apparatus, system, and method for achieving redundancy and load-balancing across communication layers within networks
US20210336866A1 (en) * 2019-01-07 2021-10-28 Huawei Technologies Co., Ltd. Route Advertisement Method, Device, and System
US20210336870A1 (en) * 2019-01-07 2021-10-28 Huawei Technologies Co., Ltd. Route Recursion Control Method, Device, and System
US11652737B2 (en) * 2019-01-07 2023-05-16 Huawei Technologies Co., Ltd. Route recursion control method, device, and system
US11888722B2 (en) * 2019-01-07 2024-01-30 Huawei Technologies Co., Ltd. Route advertisement method, device, and system

Also Published As

Publication number Publication date
US7185107B1 (en) 2007-02-27

Similar Documents

Publication Publication Date Title
US7185107B1 (en) Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks
US10764146B2 (en) Segment routing over label distribution protocol
CN111740913B (en) Method, router and readable medium for forwarding network traffic in computer network
EP3211839B1 (en) Split-horizon packet forwarding in a mh-pbb-evpn network
JP5600189B2 (en) VPN implementation over a link state protocol controlled Ethernet network
JP5550757B2 (en) Ethernet network controlled by IP forwarding with link state protocol
US8665887B2 (en) Number automatic routing method, updating method, withdrawing method, router and device
US7590119B2 (en) Method and apparatus for context-based prefix updates in border gateway protocol
US8812726B2 (en) Service insertion in a computer network using internet protocol version 6 techniques
US6631137B1 (en) Method and system for improving high speed internetwork data transfers
CN110832813A (en) Ethernet virtual private network using segmented routing
CN113645136B (en) Method, network node and network system for forwarding message in network
US8937961B1 (en) Modular software architecture for a route server within an internet exchange
US20070258447A1 (en) Inter-area summarization of edge-device addresses using RFC3107
US7969995B2 (en) Method and apparatus for constructing a forwarding database for a data communications network
CA2436860A1 (en) Auto-tunnelling in a heterogenous network
JP2006514496A (en) Virtual private network interconnection method in disconnected mode
WO2023284675A1 (en) Forwarding table lookup method and apparatus, and storage medium and electronic apparatus
WO2024007762A1 (en) Route publishing method, and communication method and apparatus
Nakamura et al. ovstack: A protocol stack of common data plane for overlay networks

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION