US20070112975A1 - Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks - Google Patents
Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks Download PDFInfo
- Publication number
- US20070112975A1 US20070112975A1 US11/652,359 US65235907A US2007112975A1 US 20070112975 A1 US20070112975 A1 US 20070112975A1 US 65235907 A US65235907 A US 65235907A US 2007112975 A1 US2007112975 A1 US 2007112975A1
- Authority
- US
- United States
- Prior art keywords
- address
- network
- address space
- traffic
- tunnel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/16—Multipoint routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/64—Routing or path finding of packets in data switching networks using an overlay routing layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/668—Internet protocol [IP] address subnets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
Definitions
- This invention generally relates to the field of internetworking in data communications.
- the invention relates more specifically to redirecting network traffic through a multipoint tunnel overlay network using distinct IP address spaces for the overlay and transport networks.
- An internet comprises a plurality of sites attached to a common network known as a backbone. Traffic between sites is routed from the source to a destination via nodes of the network. The traffic may be switched at the nodes based on the destination address. Alternatively, the traffic may be switched based on a header that is pre-pended to the original traffic such that some intermediate routing nodes have no knowledge of the final destination address.
- This latter approach is known as tunneling and one well-known use of this approach is in the provision of virtual private networks (VPNs). This application of tunneling will be used to exemplify the invention but the invention is not intended to be limited to this area of application.
- VPNs virtual private networks
- the Internet Engineering Task Force (IETF) was set up to establish internet protocols.
- the IETF RFC2547 (March 1999) deals with the provision of VPN services by a service provider.
- CE Customer Edge
- PE Provider Edge
- the service provider's network comprises the PE routers and as well as other routers (P routers) that are not attached to CE devices.
- PE Provider-Edge routers
- IP “tunnels” which can be used to transport traffic across a service provider network. This idea was proposed by Eric Rosen and Yakov Rekhter in their IETF proposal entitled “Use of PE-PE GRE or IP in RFC2547 VPNs” (available from the IETF website and found at http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-gre-ip-2547-01.txt).
- each PE router maintains a number of forwarding tables. Each site to which the PE is attached is mapped to one of the forwarding tables. On receipt of a packet from a site, the forwarding table for that site is consulted to determine the route for the packet. Once a PE learns of a site that is reachable from a new site, this information is distributed to all the other PE routers to which the PE router is attached, for instance by using a protocol such as BGP (Border Gateway Protocol). The PE routers update their forwarding tables in response.
- BGP Border Gateway Protocol
- PE routers exchange VPNv4 routes using BGP.
- a PE router receives enough information in a VPNv4 update so as to determine that traffic received at a router, destined to some prefix P/m, should be tunneled to a destination N′.
- a PE router receiving this information must set up its forwarding path to do just this.
- IP based tunneling from one PE to another may be used as proposed in the Rosen/Rekhter draft referred to above.
- a logical IP tunnel network makes the endpoints of the tunnel, i.e. the PE routers, immediately adjacent at the internetwork layer-layer 3 .
- an overlay network is used to represent the direct path taken by tunneled traffic. This overlay network is accessed by a PE router through a logical tunnel interface.
- N′ is an address on the tunnel overlay network and such that N is the tunnel address of a PE router reachable at N′ on the transport network.
- an IP route of the form “P/m via N reachable through tunnel interface” is set up.
- the use of a tunnel interface and a tunnel overlay network allow routes in a routing table to prescribe how traffic should be routed without introducing exceptions for tunneled as opposed to forwarded traffic.
- the tunnel interface identifies that tunnel encapsulation must be imposed and N identifies which tunnel endpoint should be used.
- the PE router When a routing update for the prefix P/m is received, the PE router needs to install the prefix P/m in the appropriate routing and forwarding table. A route lookup in this table for a destination covered by this prefix P/m should return the appropriate next hop/interface to which to dispatch the packet. To enable traffic to be transported over the tunnel overlay (i.e. tunneled through the transport network) to the remote PE, the route lookup must return a next hop on the overlay tunnel network.
- the prefix 100.4.4.0/24 with next hop N must resolve through the connected tunnel network in order to ensure that traffic to 100.4.4.0/24 is tunneled through the transport network.
- Linking 100.4.4.0/24 to a next hop N on the tunnel interface completes the forwarding setup for traffic sent to 100.4.4.0/24.
- the IP address N on the tunnel would then have to be resolved to an underlying IP address of the router (123.1.1.4 in the example shown in FIG. 1 ) so that the outer IP header imposed when tunneling through the transport network can be populated appropriately and traffic can be tunneled to the destination through the transport network.
- This process is analogous to resolving an IP next hop address to a MAC address using ARP on an Ethernet interface.
- the disadvantages of this solution include: the need to use an address resolution protocol to provide the mapping between the IP address of the tunnel endpoint in the overlay network and the underlying transport address; and the allocation of address space by a service provider for the tunnel network such that all tunnel endpoints are provided with unique addresses, which are distinct from those of the transport network.
- Address allocation and address resolution become more challenging if multiple service providers coordinate to provide the tunnel overlay network.
- the overlay network is shared amongst all service providers and every router on the end of a tunnel is adjacent to every other one. Coordinating addressing and address resolution on the overlay network in such a case is more complicated if all addresses need to be unique amongst the set of addresses on the overlay AND the transport network.
- a method for directing traffic across a network On receipt of traffic for a destination address in a network, there is looked up in a first address space information as to how traffic for the destination is to be forwarded, the information including a specified node N. There is then looked up in the second address space an address of the specified node N, the address of the node N in the second address space being related to an address in the first address space. For traffic that is to be tunneled to a specified node, the traffic is encapsulated in a header including the address specified in the first address space that is related to the address in the second address space.
- the address in the second address space is preferably numerically identical to the related address in the first address space.
- the related address in the first address space may be a link layer IP address corresponding to the internetwork layer IP address of a tunnel endpoint in the second address space.
- a multipoint tunnel network may be defined in the second address space.
- a routing protocol update may be used to distribute routing information between nodes of the network. This may take the form of an advertised next hop in a routing protocol update, the receipt of which triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
- the IP address in the second address space is an internetwork layer IP address and the IP address in the first address space is a link layer IP address
- a plurality of second address spaces may be provided, corresponding to the definition of multiple tunnels.
- a router for directing traffic on a network, the router comprising a first address space including information relating to a destination address and information relating to forwarding of traffic for the destination address and a second address space including information relating to tunnel endpoint addresses.
- a tunnel endpoint address in the second address space is related to the forwarding information in the first address space.
- All addresses in the second address space may be directly connected to a multi-point tunnel network.
- the addresses in the second address space thus define a multi-point tunnel network.
- the tunnel endpoint address in the second address space is preferably numerically identical to the address in the first address space.
- the address in the first address space may be a link layer IP address and the tunnel endpoint address in the second address space may be an internetwork layer IP address.
- a routing protocol update may be used to distribute routing information between nodes of the network.
- the receipt of an advertised next hop in a routing protocol update triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
- a plurality of second address spaces may be provided, corresponding to the definition of multiple tunnels.
- a router for directing traffic via a network comprises a first address space for storing information received from nodes of the network.
- the information indicates a destination address and information as to how traffic for the destination address is to be forwarded via a specified node of the network.
- a second address space stores information relating to how traffic is to be tunneled to a node of the network, the information indicating a destination address.
- the destination address in the second address space is related to an address of the specified node in the first address space.
- the router On receipt of routing information for the destination, the router re-directs the traffic for the destination by changing the address space of the next node from the first address space to the second address space.
- a method of creating a virtual private network via one or more networks owned by one or more internet service providers comprises receiving information at a first node of the network that traffic for a destination is to the tunneled via a second node of the network.
- the information indicates that the traffic for the destination is to be tunneled to the node.
- the destination is part of a virtual private network.
- the traffic for the destination is re-directed by changing the address space of the next node from a first address space to a second address space.
- the information may be in a routing update received via the network.
- a method of redirecting traffic to be tunneled across a network comprises deriving a link layer IP address of a multipoint tunnel endpoint from an internetwork layer IP address by making the link layer address numerically equivalent to the internetwork layer address, the link layer address being in a first address space distinct from a second address space of the internetwork address. Traffic is redirected by changing the address space of the next node from the first address space to the second address space.
- the present invention can be used in conjunction with other mechanisms to provide a service provider with a transport mechanism based on IP tunnels for the delivery of virtual private networks.
- FIG. 1 shows an example of a tunnel overlay network
- FIG. 2 is a block diagram that illustrates a computer system upon which an embodiment of the invention may be implemented
- FIG. 3 shows an example of encapsulation using MPLS Label
- FIG. 4 shows an example of a RFC2547-based VPN using a tunnel overlay network
- FIG. 5 shows how a tunnel address is resolved to its endpoint in accordance with the invention
- FIG. 6 shows an example of the invention implemented using multipoint GRE tunnel/VPN
- FIG. 7 shows an example of a network according to the invention implemented as an InterAS multipoint GRE tunnel VPN
- FIG. 8 is a schematic representation of a first and second address space as proposed in the invention.
- Computer system 200 includes a bus 202 or other communication mechanism for communicating information, and a processor 204 coupled with bus 202 for processing information.
- Computer system 200 also includes a main memory 206 , such as a random access memory (RAM), flash memory, or other dynamic storage device, coupled to bus 202 for storing information and instructions to be executed by processor 204 .
- Main memory 206 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 204 .
- Computer system 200 further includes a read only memory (ROM) 208 or other static storage device coupled to bus 202 for storing static information and instructions for processor 204 .
- a storage device 210 such as a magnetic disk, flash memory or optical disk, is provided and coupled to bus 202 for storing information and instructions.
- a communication interface 218 may be coupled to bus 202 for communicating information and command selections to processor 204 .
- Interface 218 is a conventional serial interface such as an RS-232 or RS-422 interface.
- An external terminal 212 or other computer system connects to the computer system 200 and provides commands to it using the interface 214 .
- Firmware or software running in the computer system 200 provides a terminal interface or character-based command interface so that external commands can be given to the computer system.
- a switching system 216 is coupled to bus 202 and has an input interface 214 and an output interface 219 to one or more external network elements.
- the external network elements may include a local network 222 coupled to one or more hosts 332 , or a global network such as Internet 228 having one or more servers 230 .
- the switching system 216 switches information traffic arriving on input interface 214 to output interface 219 according to pre-determined protocols and conventions that are well known. For example, switching system 216 , in cooperation with processor 204 , can determine a destination of a packet of data arriving on input interface 214 and send it to the correct destination using output interface 219 .
- the destinations may include host 332 ,server 230 , other end stations, or other routing and switching devices in local network 222 or Internet 228 .
- the invention is related to the use of computer system 200 for redirecting traffic, especially tunneling traffic. According to one embodiment of the invention, this is provided by computer system 200 in response to processor 204 executing one or more sequences of one or more instructions contained in main memory 206 . Such instructions may be read into main memory 206 from another computer-readable medium, such as storage device 210 . Execution of the sequences of instructions contained in main memory 206 causes processor 204 to perform the process steps described herein. One or more processors in a multi-processing arrangement may also be employed to execute the sequences of instructions contained in main memory 206 . In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.
- Non-volatile media includes, for example, optical or magnetic disks, such as storage device 210 .
- Volatile media includes dynamic memory, such as main memory 206 .
- Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 202 . Transmission media can also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications.
- Computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
- Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to processor 204 for execution.
- the instructions may initially be carried on a magnetic disk of a remote computer.
- the remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem.
- a modem local to computer system 200 can receive the data on the telephone line and use an infrared transmitter to convert the data to an infrared signal.
- An infrared detector coupled to bus 202 can receive the data carried in the infrared signal and place the data on bus 202 .
- Bus 202 carries the data to main memory 206 , from which processor 204 retrieves and executes the instructions.
- the instructions received by main memory 206 may optionally be stored on storage device 210 either before or after execution by processor 204 .
- Communication interface 218 also provides a two-way data communication coupling to a network link 220 that is connected to a local network 222 .
- communication interface 218 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line.
- ISDN integrated services digital network
- communication interface 218 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN.
- LAN local area network
- Wireless links may also be implemented.
- communication interface 218 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
- Network link 220 typically provides data communication through one or more networks to other data devices.
- network link 220 may provide a connection through local network 222 to a host computer 224 or to data equipment operated by an Internet Service Provider (ISP) 226 .
- ISP 226 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 228 .
- Internet 228 uses electrical, electromagnetic or optical signals that carry digital data streams.
- the signals through the various networks and the signals on network link 220 and through communication interface 218 which carry the digital data to and from computer system 200 , are exemplary forms of carrier waves transporting the information.
- Computer system 200 can send messages and receive data, including program code, through the network(s), network link 220 and communication interface 218 .
- a server 230 might transmit a requested code for an application program through Internet 228 , ISP 226 , local network 222 and communication interface 218 .
- one such downloaded application provides for tunneling as described herein.
- the received code may be executed by processor 204 as it is received, and/or stored in storage device 210 , or other non-volatile storage for later execution. In this manner, computer system 200 may obtain application code in the form of a carrier wave.
- the invention will be described with reference to the provision of Virtual Private Networks. However the invention is applicable to any internetworking system in which traffic is to be tunneled. Multiple service providers may cooperate and offer a joint VPN service with traffic tunneled directly from the ingress PE router at one service provider directly to the egress PE router at a different service provider. These service providers can be interconnected through non-cooperating service providers since IP packets are providing inter-PE transport for the VPN payload traffic.
- the invention includes the use of a separate address space for the overlay network rendering address resolution trivial.
- An overlay multi-access tunnel network is used to interconnect the PE routers (implying that only a single tunnel needs to be configured on a PE in order for the PE to be able to transport VPN traffic to all PEs).
- a protocol such as Border Gateway Protocol (BGP) is used to distribute routing information, such as VPNv4 routing information, between PE routers. The advertised next hop in BGP VPNv4 updates may be used to trigger tunnel endpoint discovery.
- BGP Border Gateway Protocol
- a peer routing relationship is maintained between the service provider network and customer sites.
- the invention also allows for the ability to provide flexible IP output features as traffic enters the overlay network using multiple address spaces for the tunnel overlay network.
- the invention may be used by a service provider with an existing IP network to add, for example, a RFC2547 VPN service to the portfolio of services offered and not wishing to migrate the core of the network from IP forwarding to MPLS switching. It is this application that will now be considered as an exemplary embodiment of the invention.
- Deploying the invention in support of RFC2547 VPN over IP results in a simple configuration, which is not on a per-VRF or per-remote PE basis.
- a PE is able to use both IP tunnel and LSPs for transport of VPN traffic and this may be selectable on a per prefix basis.
- FIG. 4 shows an example of RFC2547-based VPN using a tunnel overlay network.
- CE Left 10 exchanges routes with PE Left 20 .
- PE Left 20 exchanges routes with the rest of the PEs e.g. PE 22 .
- a single routing entity is used to distribute routing information in all VPNs.
- the routes exchanged between PE routers use a next hop address from the tunnel overlay network.
- PE Right 22 receives routes from PE Left 20 (e.g.
- Routers at different sites still do not exchange routes directly but only through the mutual routing peer i.e. the service provider network.
- the function of the overlay multi-access tunnel network 30 is to provide full connectivity between PE routers so as to be able to transport all IP VPN traffic through the core.
- the underlying transport network 40 is totally unaware of the L 3 VPN routing information.
- the only routing information required in the transport network 40 is that required to provide full connectivity between PE routers or tunnel endpoints. No extra state needs to be maintained in these core routers in order to facilitate the transport of VPN traffic across the core.
- By redirecting traffic through the overlay network at a PE the traffic is tunneled through the core transport network as opposed to switched.
- the invention proposes that this redirection is achieved by changing the address space of the next hop as opposed to changing the numerical value of the next hop.
- Routing updates can be interpreted by the receiving PE router as an instruction that a VPN prefix is reachable by tunneling to some destination as opposed to switching to the destination.
- FIG. 5 and the example of a VPN prefix 100.4.4.0/24 advertised using BGP with a next hop of 123.1.1.4.
- This BGP VPNv 4 update is interpreted as an instruction that a VPN prefix 100.4.4.0/24 is reachable by tunneling to 123.1.1.4.
- This instruction is translated into a set of routing and forwarding entries such that (i) traffic received from the appropriate VRF and destined to an IP address within 100.4.4.0/24 will be tunneled to 123.1.1.4 and (ii) the routing and forwarding infrastructure set up by this instruction will not require any special handling of route updates in the control plane or of traffic in the forwarding plane.
- Tunneling traffic from point A to point B implies that point A and point B become adjacent at the internetwork layer for the purposes of IP traffic tunneled from A to B. This fact can be modeled adequately by connecting A and B directly using a logical link and providing each router with a virtual interface onto this logical link.
- This virtual interface takes the form of the tunnel interface.
- Directing traffic for a prefix such as 100.4.4.0/24 out of a tunnel interface implies that traffic to 100.4.4.0/24 would be tunneled.
- the prefix 100.4.4.0/24 will be installed so as to send traffic via a tunnel interface (either directly or as a recursive route which resolves to a prefix through a tunnel interface).
- the BGP next hop is used as the tunnel endpoint address.
- a PE router will receive VPNv4 BGP updates originating from a number of PE routers. All these will be interpreted to indicate that traffic should be tunneled to the PE router and not forwarded to the PE router so as to make sure that the payload traffic gets through the transport network without being inspected.
- a PE router is expected to be able to tunnel traffic to all the other PE routers. This means that the PE-PE adjacency can be modeled through either a full mesh of point-to-point tunnels or a single multi-access network with each PE having access to this network through a single virtual interface referred to as a multipoint tunnel interface.
- the second option is the more attractive option from a practical standpoint since it does not require multiple interfaces to be maintained.
- a multipoint tunnel interface can be used to tunnel to multiple endpoints. Thus if a prefix is routed through the tunnel interface to this next hop, then the route would point out of a tunnel/next hop as follows;
- N is to allow the identification of one of many tunnel endpoints to which traffic should be sent. At this point, N is known to identify the tunnel endpoint reached through 123.1.1.4. But 123.1.1.4 is not the next hop address; 123.1.1.4 is the address to tunnel to. Using Ethernet as an example, N would be the equivalent of the IP address whereas 123.1.1.4 would be the equivalent to the MAC address corresponding to the IP address N.
- One possible solution would be to provide some tunnel address resolution mechanism and allow BGP to advertise prefixes with N as next hop.
- the address resolution mechanism would then resolve N to 123.1.1.4 so that the forwarding tunnel adjacency could be prepared with the appropriate tunnel endpoint destination.
- This will allow existing routing and forwarding entries in the routing and forwarding table to translate the instruction “traffic to 100.4.4.0/24 should be tunneled to 123.1.1.4 ” into action except that it would be done in two stages i.e. “traffic to 100.4.4.0/24 should be forwarded to N on Tunnel 1 , and N resolves to 123.1.1.4 ”.
- This invention is built around the ability of a routing update to be interpreted as indicating that the prefix advertised via a next hop N in the transport network, is reachable through a next hop N which is directly connected to the tunnel network in “RiV”.
- the internetwork address of the next hop N on the tunnel network resolves to link layer IP address N in the global routing table.
- a tunnel overlay network in a distinct address space allows the PE router to use routing and forwarding entries exactly as they exist today to provide routing through an overlay network interconnecting PE routers without incurring the cost of having to provide a complex address resolution mechanism to resolve overlay-to-transport network addresses.
- the IP Tunnel overlay is placed in an address space distinct from the transport network (using a VRF dedicated for this purpose and referred to as the Resolve-In VRF “RiV”). This results in number of significant advantages.
- the act of mapping from the overlay to the transport address can be reduced to a trivial operation.
- the overlay address is made numerically equivalent to the transport address, thus making address resolution trivial.
- the IP address 123.1.1.4 is used as the destination IP address in the outer IP header transporting the VPN traffic across the service provider network.
- N could be assigned 123.1.1.4 in “RiV”.
- N signifies the tunnel address on PE 2 , and this is numerically equivalent to the tunnel endpoint destination in the transport network 123.1.1.4. It would not be correct to say that they are the same IP addresses. They are two distinct addresses by virtue of being in different address spaces. They are however numerically equivalent.
- Another advantage of placing the tunnel overlay network in a RiV is that an operator introducing a new VPN service does not have to obtain new addresses to number the tunnel interface on each PE. Instead, an existing IP address is used and the tunnel interface is placed in the RiV. A service provider deploying a VPN service in conjunction with a number of service providers would also find this beneficial since no extra effort is required to coordinate addressing on the tunnel overlay.
- Placing the tunnel interface in a pre-configured VRF allows the operator to shift VPN traffic across the service provider network through different tunnel interfaces with different output features applied based on attributes of the advertised prefix other than the next hop. For each such output feature set, a RiV and a corresponding tunnel would be created.
- VPNv4 prefixes learnt from remote PE routers and which should be transported via a tunnel are identified and set to resolve via the RiV. This means that the next hop N would be looked up in the RiV in order to identify the immediate next hop where traffic should be forwarded.
- This may be implemented through a route-map by extending the “set ip next-hop” command to “set ip next-hop in-vrf ⁇ RiV>”.
- This route-map can be selectively applied to prefixes and peers such that only traffic to specific prefixes would be tunneled. Any prefixes not selected would be switched across the service provider network. This facility allows tunneling to be used in conjunction with switching.
- a default route out of the tunnel interface might need to be configured if summarizing the advertised next hops of all PE routers is not possible.
- CEF Cosmetic Express Forwarding
- a special property of the RiV is that when a route is received which is configured to be resolved in the RiV, and such a route is resolved, this action is taken to be a tunnel endpoint discovery event and triggers the creation of a tunnel endpoint (if this endpoint has not already been created).
- the next hop used signifies a new tunnel endpoint.
- the tunnel endpoint database for the tunnel is updated with the new endpoint information.
- the forwarding infrastructure for this endpoint is also prepared. In CEF, this involves the creation of an adjacency out of the tunnel interface.
- a tunnel adjacency contains a partially precomputed encapsulation string, which is pre-pended to any packet being switched through the adjacency.
- the tunnel used is a GRE tunnel
- this is made up of an IP header followed by a GRE header.
- the IP header contains the destination in the transport network that would lead to the correct tunnel endpoint. In the example below, this destination is 7B010103.
- VPN traffic can be switched through the tunnel overlay to the remote PE routers and on to the destination.
- CEF switching onto a tunnel can be implemented using a technique known as double or recursive switching.
- a packet is received from a CE router, and the IP lookup in the VRF returns the tunnel adjacency, the packet is encapsulated in an IP and a GRE header retrieved from the adjacency as a string, for instance as shown in FIG. 3 .
- the IP header contains the destination IP address from the transport network that is numerically equivalent to the IP address of the next hop on the tunnel network. This is computed when the tunnel endpoint was discovered i.e. when BGP installed the prefix in the VRF and resolved the next hop in the RiV.
- the packet is then reinserted at the top of the ip switching path and is switched based on the contents of the transport address space towards the remote PE. At this point, the packet looks like one that originated on the PE and is destined to the remote PE and will be switched through the core as a normal IP packet.
- the packet When the remote PE receives the packet, the packet is inspected and identified as a tunneled packet.
- the receiving tunnel interface is a tunnel interface.
- the tunnel and VPN header on the packet indicate the table to be used to perform the IP look up on the payload IP packet.
- the PE router then strips of the tunnel header information (and any related header information) to reveal the original IP payload packet and then deals with the IP packet in the normal manner.
- PE Right 22 is connected to a customer site and learns prefix 124.2.2.0/24 from the site.
- the VRF on the interface connected to the customer site is configured with an export route-target of 100:1 and a route distinguisher of 1:1.
- PE Right 22 advertises the VPNv4 update with a next hop of 123.1.1.2 (the transport address of PE Right).
- PE Left 20 will interpret this as a next hop on the tunnel overlay network in the RiV.
- PE Left will also assume that 123.1.1.2 on the tunnel overlay in the RiV can be reached by tunneling to destination 123.1.1.2 in the IP transport network 40 . This is because the IP address of the tunnel interface of PE Right is numerically equivalent to the tunnel endpoint address on the IP transport network. If PE Left 20 needs to tunnel VPN traffic to PE Right 22 , the destination address in the outer IP header should be 123.1.1.2.
- a prefix would be selected for tunnel transport on PE Left by applying the “set ip next-hop in-vrf ⁇ my_RiV>” (where my_RiV would be a preconfigured RiV VRF) when the BGP update with the prefix is received from PE Right.
- route map in this example matches all prefixes since no match statement is configured. This implies that all VPNv4 BGP updates will be resolved in my_RiV and use the tunnel as transport through the service provider network.
- the filter could be more stringent and could operate by matching prefixes, communities etc so as to apply only to specific BGP updates.
- a default VRF may be defined which refers to the same address space.
- 123.1.1.2 is resolved by looking up the next hop in the special VRF “my_RiV”. This resolves to a next hop on the tunnel since all next hops are configured to be reachable on the tunnel network. E.g. using a default route out of the tunnel interface.
- the action of resolving a prefix via the tunnel interface triggers tunnel endpoint discovery/creation which creates the tunnel endpoint and associated prefixes through the tunnel including the creation of a /32 prefix in a Forwarding Information Base (FIB) pointing to a tunnel adjacency to 123.1.1.2.
- FIB Forwarding Information Base
- the encapsulation string in the adjacency contains an outer IP header and other headers relevant to the tunneling mechanism and the VPN application e.g. the GRE header and an MPLS label.
- the destination address in the outer IP header contains the IP Address 123.1.1.2.
- the second IP lookup of the double switch in the forwarding path happens in the global FIB.
- the destination IP address 123.1.1.2 indicates that the packet is destined to a local interface.
- the protocol type is identified e.g. GRE and the interface is determined to be a tunnel interface dedicated to L 3 VPN transport.
- the VPN label (value 22 ) is looked up in a vpn tableland is found to be associated with the VRF “customerII”. This implies that after the outer IP,tunnel and application headers have been stripped, the remaining payload will be reinserted at the top of the IP switch path.
- An InterAS VPN service may be provided (AS here stands for Autonomous System).
- Multihop eBGP VPNv4 updates can be exchanged using the feature that allows such updates to be propagated with unchanged next hop address.
- VPNv4 eBGP updates are exchanged between routers in the cooperating autonomous systems. Typically, these VPNv4 eBGP updates are exchanged between route-reflectors configured with a multihop eBGP session as shown in FIG. 7 . Because the next hop can be propagated unchanged across the eBGP session as learnt from an iBGP session, the next hop will be that of the originating PE and thus the tunnel endpoint used for the advertised VPNv4 prefix will be that of the originating PE even from PE routers in the remote AS. Intermediate service providers do not need to cooperate beyond providing IP connectivity between the autonomous systems.
- FIG. 7 shows three autonomous systems SP 1 , SP 2 and SP 3 .
- PE 3 24 in Service Provider SP 3 This PE would advertise any prefixes learnt from CE routers using an IP address in the transport network as the next hop address. This prefix would be propagated to the route reflector in SP 3 as a VPNv4 update.
- the route reflector would reflect the VPNv4 updates to the rest of the PE routers in SP 3 and it would also propagate the VPNv4 updates to the route reflectors in SP 1 and SP 2 .
- the next hop would still be of an interface on PE 3 .
- the router reflectors at SP 2 and SP 1 would in turn propagate the update to all the PE routers in those autonomous systems. So PE 2 would receive the VPNv4 prefix from PE 3 .
- the invention is put to use by choosing to interpret the next hop address as pertaining to the RiV.
- the advertised prefix When the advertised prefix is resolved, it turns out to be via the tunnel interface with the endpoint address resolving to the next hop address in the global routing table. All traffic destined to the prefix would be tunneled directly to the next hop advertised by PE 3 .
- FIG. 8 shows a schematic representation of the multiple address spaces used in the invention.
- a first address space 800 and a second address space 802 are shown.
- the first address space 800 represents the VRF of a given node (e.g. router PE 1 ).
- This first address space 800 includes the destination address (e.g. CE 2 , CE 3 etc.) and information as to how traffic for the destination is to be forwarded through the network (e.g. via L(my_RiV)).
- the information relating to forwarding of traffic for the destination has an address L and an indicator (my_RiV) that tells the PE to look at address L in the second address space 802 .
- the second address space 802 has an address (e.g. L) and interface information (e.g. on tunnel 1 ).
- the address L is the tunneling address for traffic received at PE 1 and destined for CE 2 and indicates an address in the first address space.
- the routing information for address L is then resolved to an address in the transport layer (e.g. L via P 1 ).
- PE 1 On receipt of traffic destined for CE 2 , PE 1 looks up in the VRF 800 for the forwarding information for CE 2 . From VRF 800 PE 1 looks up CE 2 and finds the information “via L(my_RiV)”. In response, PE 1 looks in the address space 802 labelled my_RiV, looks up L (as given in the VRF) and finds the information “on tunnel 1 ”. PE 1 then looks in the first address space 800 to find the next hop for traffic to destination L and finds that it is P 1 .
- PE 1 then encapsulates the traffic for CE 2 in a tunnel header that has as its destination address L (as given in (my_RiV)) and a label that indicates that it is tunneled on tunnel 1 and forwards this onto the next hop P 1 .
- the encapsulated traffic is then forwarded to L without the payload of the traffic being examined.
- the VRF may also include forwarding information for traffic that is not to be tunneled. For instance, as shown in FIG. 8 , traffic for CE 5 and CE 6 does not require to be tunneled. In the case of CE 5 , traffic for CE 5 is to be forwarded in a normal switched manner via address Q and Q can be reached via P 1 . This information is wholly stored within the first address space 800 . PE 1 therefore switches traffic for CE 5 with a destination node Q and this traffic is first switched to P 1 . This is also the case for destination CE 6 as shown in FIG. 8 , where traffic for CE 6 is via node R and is switched via node P 1 .
- the VRF may contain explicit information telling the PE 1 to look in the VRF for the forwarding information (as is the case for CE 5 ) or the default address space may be set to be VRF is specified) or there is no forwarding information and the PE looks in the VPF by default for the next hop.
Abstract
A method and apparatus for redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks. In an IP implementation, redirecting traffic to be tunneled across a network comprises deriving the transport IP address of a multipoint tunnel endpoint from the network IP address by making the transport address numerically equivalent to the network address, the transport address being in an address space distinct from the address space of the network address. Traffic is redirected by changing the address space of the next hop in a received routing advertisement.
Description
- This application is a divisional of U.S. patent application Ser. No. 10/270,409 filed Oct. 2, 2002 which is incorporated herein by reference as fully set forth herein, under 35 U.S.C. §120.
- This invention generally relates to the field of internetworking in data communications. The invention relates more specifically to redirecting network traffic through a multipoint tunnel overlay network using distinct IP address spaces for the overlay and transport networks.
- The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
- An internet comprises a plurality of sites attached to a common network known as a backbone. Traffic between sites is routed from the source to a destination via nodes of the network. The traffic may be switched at the nodes based on the destination address. Alternatively, the traffic may be switched based on a header that is pre-pended to the original traffic such that some intermediate routing nodes have no knowledge of the final destination address. This latter approach is known as tunneling and one well-known use of this approach is in the provision of virtual private networks (VPNs). This application of tunneling will be used to exemplify the invention but the invention is not intended to be limited to this area of application.
- The Internet Engineering Task Force (IETF) was set up to establish internet protocols. The IETF RFC2547 (March 1999) deals with the provision of VPN services by a service provider. At each site, there are one or more Customer Edge (CE) devices, each of which is attached via a data link (e.g. Ethernet, PPP, ATM, GRE tunnel etc.) to one or more Provider Edge (PE) routers. The service provider's network comprises the PE routers and as well as other routers (P routers) that are not attached to CE devices. When a service provider deploys an RFC2547-based VPN service, VPN traffic is transported across the core network between Provider-Edge routers (PE). This may be done by the use of IP “tunnels” which can be used to transport traffic across a service provider network. This idea was proposed by Eric Rosen and Yakov Rekhter in their IETF proposal entitled “Use of PE-PE GRE or IP in RFC2547 VPNs” (available from the IETF website and found at http://www.ietf.org/internet-drafts/draft-ietf-ppvpn-gre-ip-2547-01.txt).
- According to RFC2547, each PE router maintains a number of forwarding tables. Each site to which the PE is attached is mapped to one of the forwarding tables. On receipt of a packet from a site, the forwarding table for that site is consulted to determine the route for the packet. Once a PE learns of a site that is reachable from a new site, this information is distributed to all the other PE routers to which the PE router is attached, for instance by using a protocol such as BGP (Border Gateway Protocol). The PE routers update their forwarding tables in response.
- PE routers exchange VPNv4 routes using BGP. A PE router receives enough information in a VPNv4 update so as to determine that traffic received at a router, destined to some prefix P/m, should be tunneled to a destination N′. A PE router receiving this information must set up its forwarding path to do just this. IP based tunneling from one PE to another may be used as proposed in the Rosen/Rekhter draft referred to above. A logical IP tunnel network makes the endpoints of the tunnel, i.e. the PE routers, immediately adjacent at the internetwork layer-
layer 3. Thus, an overlay network is used to represent the direct path taken by tunneled traffic. This overlay network is accessed by a PE router through a logical tunnel interface. - If traffic to P/m needs to be tunneled to some destination N′ (N′ being in the transport network), then the route to P/m is via N where N is an address on the tunnel overlay network and such that N is the tunnel address of a PE router reachable at N′ on the transport network.
- In other words, for traffic to P/m to be tunneled to N′, an IP route of the form “P/m via N reachable through tunnel interface” is set up. The use of a tunnel interface and a tunnel overlay network allow routes in a routing table to prescribe how traffic should be routed without introducing exceptions for tunneled as opposed to forwarded traffic. The tunnel interface identifies that tunnel encapsulation must be imposed and N identifies which tunnel endpoint should be used.
- When a routing update for the prefix P/m is received, the PE router needs to install the prefix P/m in the appropriate routing and forwarding table. A route lookup in this table for a destination covered by this prefix P/m should return the appropriate next hop/interface to which to dispatch the packet. To enable traffic to be transported over the tunnel overlay (i.e. tunneled through the transport network) to the remote PE, the route lookup must return a next hop on the overlay tunnel network. Consider the prefix 100.4.4.0/24 advertised by PE2 to PE1 with a next hop N, as shown in
FIG. 1 and targeted to be installed in a table called “customer”. Assuming the correct route-targets are associated with the VPNv4 prefix in the BGP update, 100.4.4.0/24 would be installed in the routing and forwarding tables “customer” on PE1 as shown below: -
- ccassar-72a#sh ip route vrf customer
- B 100.4.4.0/24 [200/0] via N, 00:01:47
- The prefix 100.4.4.0/24 with next hop N must resolve through the connected tunnel network in order to ensure that traffic to 100.4.4.0/24 is tunneled through the transport network. Linking 100.4.4.0/24 to a next hop N on the tunnel interface completes the forwarding setup for traffic sent to 100.4.4.0/24. However, in the prior art, the IP address N on the tunnel would then have to be resolved to an underlying IP address of the router (123.1.1.4 in the example shown in
FIG. 1 ) so that the outer IP header imposed when tunneling through the transport network can be populated appropriately and traffic can be tunneled to the destination through the transport network. This process is analogous to resolving an IP next hop address to a MAC address using ARP on an Ethernet interface. - The disadvantages of this solution include: the need to use an address resolution protocol to provide the mapping between the IP address of the tunnel endpoint in the overlay network and the underlying transport address; and the allocation of address space by a service provider for the tunnel network such that all tunnel endpoints are provided with unique addresses, which are distinct from those of the transport network. Address allocation and address resolution become more challenging if multiple service providers coordinate to provide the tunnel overlay network. In such a case, the overlay network is shared amongst all service providers and every router on the end of a tunnel is adjacent to every other one. Coordinating addressing and address resolution on the overlay network in such a case is more complicated if all addresses need to be unique amongst the set of addresses on the overlay AND the transport network.
- In accordance with the invention there is provided a method for directing traffic across a network. On receipt of traffic for a destination address in a network, there is looked up in a first address space information as to how traffic for the destination is to be forwarded, the information including a specified node N. There is then looked up in the second address space an address of the specified node N, the address of the node N in the second address space being related to an address in the first address space. For traffic that is to be tunneled to a specified node, the traffic is encapsulated in a header including the address specified in the first address space that is related to the address in the second address space.
- The address in the second address space is preferably numerically identical to the related address in the first address space. The related address in the first address space may be a link layer IP address corresponding to the internetwork layer IP address of a tunnel endpoint in the second address space. A multipoint tunnel network may be defined in the second address space.
- A routing protocol update may be used to distribute routing information between nodes of the network. This may take the form of an advertised next hop in a routing protocol update, the receipt of which triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space. Preferably the IP address in the second address space is an internetwork layer IP address and the IP address in the first address space is a link layer IP address
- A plurality of second address spaces may be provided, corresponding to the definition of multiple tunnels.
- In a second aspect of the invention there is provided a router for directing traffic on a network, the router comprising a first address space including information relating to a destination address and information relating to forwarding of traffic for the destination address and a second address space including information relating to tunnel endpoint addresses. A tunnel endpoint address in the second address space is related to the forwarding information in the first address space.
- All addresses in the second address space may be directly connected to a multi-point tunnel network. The addresses in the second address space thus define a multi-point tunnel network.
- The tunnel endpoint address in the second address space is preferably numerically identical to the address in the first address space. The address in the first address space may be a link layer IP address and the tunnel endpoint address in the second address space may be an internetwork layer IP address.
- A routing protocol update may be used to distribute routing information between nodes of the network. The receipt of an advertised next hop in a routing protocol update triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
- A plurality of second address spaces may be provided, corresponding to the definition of multiple tunnels.
- A router for directing traffic via a network, the network including a plurality of interconnected nodes, comprises a first address space for storing information received from nodes of the network. The information indicates a destination address and information as to how traffic for the destination address is to be forwarded via a specified node of the network. A second address space stores information relating to how traffic is to be tunneled to a node of the network, the information indicating a destination address. The destination address in the second address space is related to an address of the specified node in the first address space. On receipt of routing information for the destination, the router re-directs the traffic for the destination by changing the address space of the next node from the first address space to the second address space.
- A method of creating a virtual private network via one or more networks owned by one or more internet service providers, comprises receiving information at a first node of the network that traffic for a destination is to the tunneled via a second node of the network. The information indicates that the traffic for the destination is to be tunneled to the node. The destination is part of a virtual private network. On receipt of routing information for the destination in the virtual private network, the traffic for the destination is re-directed by changing the address space of the next node from a first address space to a second address space. The information may be in a routing update received via the network.
- A method of redirecting traffic to be tunneled across a network comprises deriving a link layer IP address of a multipoint tunnel endpoint from an internetwork layer IP address by making the link layer address numerically equivalent to the internetwork layer address, the link layer address being in a first address space distinct from a second address space of the internetwork address. Traffic is redirected by changing the address space of the next node from the first address space to the second address space.
- The present invention can be used in conjunction with other mechanisms to provide a service provider with a transport mechanism based on IP tunnels for the delivery of virtual private networks.
- The invention will now be described further, by way of example only, with reference to the accompanying drawings, in which:
-
FIG. 1 shows an example of a tunnel overlay network; -
FIG. 2 is a block diagram that illustrates a computer system upon which an embodiment of the invention may be implemented; -
FIG. 3 shows an example of encapsulation using MPLS Label; -
FIG. 4 shows an example of a RFC2547-based VPN using a tunnel overlay network; -
FIG. 5 shows how a tunnel address is resolved to its endpoint in accordance with the invention; -
FIG. 6 shows an example of the invention implemented using multipoint GRE tunnel/VPN; -
FIG. 7 shows an example of a network according to the invention implemented as an InterAS multipoint GRE tunnel VPN; and -
FIG. 8 is a schematic representation of a first and second address space as proposed in the invention. - A method and apparatus for redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks is described. In the following description, for the purposes of explanation, numerous specific details are set forth to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram to avoid unnecessarily obscuring the present invention.
- To aid a reader of this specification, a summary of acronyms used herein is given below:
- AS Autonomous System
- BGP Border Gateway Protocol
- CE Customer Edge Router
- CEF Cisco Express Forwarding
- GRE Generic Route Encapsulation
- LSP Label Switched Path
- MPLS Multi Protocol Label Switching
- MSS Maximum Segment Size
- MTU Maximum Transmission Unit
- P Provider routers which do not connect to customer routers
- PE Provider Edge Router
- RiV Resolve-in VRF
- VRF Virtual Routing and Forwarding table p
FIG. 2 is a block diagram that illustrates a computer system 200 upon which an embodiment of the invention may be implemented. The preferred embodiment is implemented using one or more computer programs running on a network element such as a router device. Thus, in this embodiment, the computer system 200 is a router. - Computer system 200 includes a
bus 202 or other communication mechanism for communicating information, and aprocessor 204 coupled withbus 202 for processing information. Computer system 200 also includes amain memory 206, such as a random access memory (RAM), flash memory, or other dynamic storage device, coupled tobus 202 for storing information and instructions to be executed byprocessor 204.Main memory 206 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed byprocessor 204. Computer system 200 further includes a read only memory (ROM) 208 or other static storage device coupled tobus 202 for storing static information and instructions forprocessor 204. A storage device 210, such as a magnetic disk, flash memory or optical disk, is provided and coupled tobus 202 for storing information and instructions. - A
communication interface 218 may be coupled tobus 202 for communicating information and command selections toprocessor 204.Interface 218 is a conventional serial interface such as an RS-232 or RS-422 interface. An external terminal 212 or other computer system connects to the computer system 200 and provides commands to it using the interface 214. Firmware or software running in the computer system 200 provides a terminal interface or character-based command interface so that external commands can be given to the computer system. - A switching system 216 is coupled to
bus 202 and has an input interface 214 and an output interface 219 to one or more external network elements. The external network elements may include alocal network 222 coupled to one or more hosts 332, or a global network such asInternet 228 having one ormore servers 230. The switching system 216 switches information traffic arriving on input interface 214 to output interface 219 according to pre-determined protocols and conventions that are well known. For example, switching system 216, in cooperation withprocessor 204, can determine a destination of a packet of data arriving on input interface 214 and send it to the correct destination using output interface 219. The destinations may include host 332,server 230, other end stations, or other routing and switching devices inlocal network 222 orInternet 228. - The invention is related to the use of computer system 200 for redirecting traffic, especially tunneling traffic. According to one embodiment of the invention, this is provided by computer system 200 in response to
processor 204 executing one or more sequences of one or more instructions contained inmain memory 206. Such instructions may be read intomain memory 206 from another computer-readable medium, such as storage device 210. Execution of the sequences of instructions contained inmain memory 206 causesprocessor 204 to perform the process steps described herein. One or more processors in a multi-processing arrangement may also be employed to execute the sequences of instructions contained inmain memory 206. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software. - The term “computer-readable medium” as used herein refers to any medium that participates in providing instructions to
processor 204 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 210. Volatile media includes dynamic memory, such asmain memory 206. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprisebus 202. Transmission media can also take the form of acoustic or light waves, such as those generated during radio wave and infrared data communications. - Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
- Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to
processor 204 for execution. For example, the instructions may initially be carried on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 200 can receive the data on the telephone line and use an infrared transmitter to convert the data to an infrared signal. An infrared detector coupled tobus 202 can receive the data carried in the infrared signal and place the data onbus 202.Bus 202 carries the data tomain memory 206, from whichprocessor 204 retrieves and executes the instructions. The instructions received bymain memory 206 may optionally be stored on storage device 210 either before or after execution byprocessor 204. -
Communication interface 218 also provides a two-way data communication coupling to a network link 220 that is connected to alocal network 222. For example,communication interface 218 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example,communication interface 218 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation,communication interface 218 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information. - Network link 220 typically provides data communication through one or more networks to other data devices. For example, network link 220 may provide a connection through
local network 222 to ahost computer 224 or to data equipment operated by an Internet Service Provider (ISP) 226.ISP 226 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 228.Local network 222 andInternet 228 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 220 and throughcommunication interface 218, which carry the digital data to and from computer system 200, are exemplary forms of carrier waves transporting the information. - Computer system 200 can send messages and receive data, including program code, through the network(s), network link 220 and
communication interface 218. In the Internet example, aserver 230 might transmit a requested code for an application program throughInternet 228,ISP 226,local network 222 andcommunication interface 218. In accordance with the invention, one such downloaded application provides for tunneling as described herein. - The received code may be executed by
processor 204 as it is received, and/or stored in storage device 210, or other non-volatile storage for later execution. In this manner, computer system 200 may obtain application code in the form of a carrier wave. - The invention will be described with reference to the provision of Virtual Private Networks. However the invention is applicable to any internetworking system in which traffic is to be tunneled. Multiple service providers may cooperate and offer a joint VPN service with traffic tunneled directly from the ingress PE router at one service provider directly to the egress PE router at a different service provider. These service providers can be interconnected through non-cooperating service providers since IP packets are providing inter-PE transport for the VPN payload traffic.
- The invention includes the use of a separate address space for the overlay network rendering address resolution trivial. An overlay multi-access tunnel network is used to interconnect the PE routers (implying that only a single tunnel needs to be configured on a PE in order for the PE to be able to transport VPN traffic to all PEs). A protocol, such as Border Gateway Protocol (BGP), is used to distribute routing information, such as VPNv4 routing information, between PE routers. The advertised next hop in BGP VPNv4 updates may be used to trigger tunnel endpoint discovery. A peer routing relationship is maintained between the service provider network and customer sites. The invention also allows for the ability to provide flexible IP output features as traffic enters the overlay network using multiple address spaces for the tunnel overlay network.
- The invention may be used by a service provider with an existing IP network to add, for example, a RFC2547 VPN service to the portfolio of services offered and not wishing to migrate the core of the network from IP forwarding to MPLS switching. It is this application that will now be considered as an exemplary embodiment of the invention.
- Deploying the invention in support of RFC2547 VPN over IP results in a simple configuration, which is not on a per-VRF or per-remote PE basis. A PE is able to use both IP tunnel and LSPs for transport of VPN traffic and this may be selectable on a per prefix basis.
- The peer relationship between customer sites and the service provider network is retained (contrary to what might be assumed because of the introduction of the overlaid IP tunnel network). The PE routers are interconnected through a multi-access overlay network but the routing relationship from the CE remains with the PE and is not with the remote CE.
FIG. 4 shows an example of RFC2547-based VPN using a tunnel overlay network. InFIG. 4 , CE Left 10 exchanges routes withPE Left 20.PE Left 20 exchanges routes with the rest of the PEs e.g.PE 22. A single routing entity is used to distribute routing information in all VPNs. The routes exchanged between PE routers use a next hop address from the tunnel overlay network.PE Right 22 receives routes from PE Left 20 (e.g. via a route reflector) with a next hop address signifying a PE Left interface address connecting PE Left to the tunnel overlay network. PE Right propagates this information toCE Right 12. Routers at different sites still do not exchange routes directly but only through the mutual routing peer i.e. the service provider network. - The function of the overlay
multi-access tunnel network 30 is to provide full connectivity between PE routers so as to be able to transport all IP VPN traffic through the core. Theunderlying transport network 40 is totally ignorant of the L3 VPN routing information. The only routing information required in thetransport network 40 is that required to provide full connectivity between PE routers or tunnel endpoints. No extra state needs to be maintained in these core routers in order to facilitate the transport of VPN traffic across the core. By redirecting traffic through the overlay network at a PE, the traffic is tunneled through the core transport network as opposed to switched. The invention proposes that this redirection is achieved by changing the address space of the next hop as opposed to changing the numerical value of the next hop. - Routing updates such as BGP VPNv4 updates can be interpreted by the receiving PE router as an instruction that a VPN prefix is reachable by tunneling to some destination as opposed to switching to the destination. Consider now
FIG. 5 and the example of a VPN prefix 100.4.4.0/24 advertised using BGP with a next hop of 123.1.1.4. This BGP VPNv4 update is interpreted as an instruction that a VPN prefix 100.4.4.0/24 is reachable by tunneling to 123.1.1.4. - This instruction is translated into a set of routing and forwarding entries such that (i) traffic received from the appropriate VRF and destined to an IP address within 100.4.4.0/24 will be tunneled to 123.1.1.4 and (ii) the routing and forwarding infrastructure set up by this instruction will not require any special handling of route updates in the control plane or of traffic in the forwarding plane.
- If a BGP update is interpreted as an instruction to tunnel traffic to the BGP next hop, the VPN route cannot be installed as:
- 100.4.4.0/24 via 123.1.1.4
- This is because the above indicates that traffic to 100.4.4.0/24 should be forwarded to 123.1.1.4.
- Tunneling traffic from point A to point B implies that point A and point B become adjacent at the internetwork layer for the purposes of IP traffic tunneled from A to B. This fact can be modeled adequately by connecting A and B directly using a logical link and providing each router with a virtual interface onto this logical link.
- This virtual interface takes the form of the tunnel interface. Directing traffic for a prefix such as 100.4.4.0/24 out of a tunnel interface implies that traffic to 100.4.4.0/24 would be tunneled. Thus, the prefix 100.4.4.0/24 will be installed so as to send traffic via a tunnel interface (either directly or as a recursive route which resolves to a prefix through a tunnel interface). The BGP next hop is used as the tunnel endpoint address.
- A PE router will receive VPNv4 BGP updates originating from a number of PE routers. All these will be interpreted to indicate that traffic should be tunneled to the PE router and not forwarded to the PE router so as to make sure that the payload traffic gets through the transport network without being inspected. A PE router is expected to be able to tunnel traffic to all the other PE routers. This means that the PE-PE adjacency can be modeled through either a full mesh of point-to-point tunnels or a single multi-access network with each PE having access to this network through a single virtual interface referred to as a multipoint tunnel interface. The second option is the more attractive option from a practical standpoint since it does not require multiple interfaces to be maintained.
- A multipoint tunnel interface can be used to tunnel to multiple endpoints. Thus if a prefix is routed through the tunnel interface to this next hop, then the route would point out of a tunnel/next hop as follows;
-
- 100.4.4.0/24 . . . via N
- N via Tunnel1, N
- (. . . indicates that this would be through recursion since a BGP hop installs recursive routes)
- Note that the purpose of N is to allow the identification of one of many tunnel endpoints to which traffic should be sent. At this point, N is known to identify the tunnel endpoint reached through 123.1.1.4. But 123.1.1.4 is not the next hop address; 123.1.1.4 is the address to tunnel to. Using Ethernet as an example, N would be the equivalent of the IP address whereas 123.1.1.4 would be the equivalent to the MAC address corresponding to the IP address N.
- One possible solution would be to provide some tunnel address resolution mechanism and allow BGP to advertise prefixes with N as next hop. The address resolution mechanism would then resolve N to 123.1.1.4 so that the forwarding tunnel adjacency could be prepared with the appropriate tunnel endpoint destination. This will allow existing routing and forwarding entries in the routing and forwarding table to translate the instruction “traffic to 100.4.4.0/24 should be tunneled to 123.1.1.4 ” into action except that it would be done in two stages i.e. “traffic to 100.4.4.0/24 should be forwarded to N on
Tunnel 1, and N resolves to 123.1.1.4 ”. - The approach herein however renders the address resolution mechanism trivial. By moving N into an address space “RiV” that is distinct from that of the transport network, address resolution becomes trivial. This is because the next hop on the tunnel can be configured with a numerically equivalent IP address on the tunnel network. Thus receiving a BGP update with a next hop of 123.1.1.4 means that traffic should be forwarded to a PE router with address 123.1.1.4 which is directly connected to the tunnel network. That tunnel address resolves to a transport network address of 123.1.1.4 in the address space of the transport network. The VPN route would then resolve to:
-
- 100.4.4.0/24 . . . forwarded to
Tunnel 1, 123.1.1.4
where the adjacency toTunnel 1, 123.1.1.4 in “RiV” causes traffic to be tunneled to 123.1.1.4 in the IP transport network. Tunnel overlay address-to-transport network address resolution is trivial because the IP addresses are numerically both 123.1.1.4. This is only possible because the address spaces of the tunnel overlay “RiV” and the transport network are distinct. The main benefit of the “RiV” is that it allows the tunnel address and tunnel endpoint to have the same 32-bit value for an IP address. This is illustrated inFIG. 5 .
- 100.4.4.0/24 . . . forwarded to
- This invention is built around the ability of a routing update to be interpreted as indicating that the prefix advertised via a next hop N in the transport network, is reachable through a next hop N which is directly connected to the tunnel network in “RiV”. The internetwork address of the next hop N on the tunnel network resolves to link layer IP address N in the global routing table.
- While deriving the model shown in
FIG. 5 might seem a lengthy and maybe unnecessary exercise, the model attempts to avoid the need for any exception processing (e.g. next hop means “tunnel to” instead of “forward to” in some circumstances and not others). - In summary, a tunnel overlay network in a distinct address space allows the PE router to use routing and forwarding entries exactly as they exist today to provide routing through an overlay network interconnecting PE routers without incurring the cost of having to provide a complex address resolution mechanism to resolve overlay-to-transport network addresses.
- According to the invention the IP Tunnel overlay is placed in an address space distinct from the transport network (using a VRF dedicated for this purpose and referred to as the Resolve-In VRF “RiV”). This results in number of significant advantages.
- Since the IP address space of the
tunnel overlay network 30 and thetransport network 40 are distinct, the act of mapping from the overlay to the transport address can be reduced to a trivial operation. The overlay address is made numerically equivalent to the transport address, thus making address resolution trivial. With reference toFIG. 5 , the IP address 123.1.1.4 is used as the destination IP address in the outer IP header transporting the VPN traffic across the service provider network. By providing a distinct address space, N could be assigned 123.1.1.4 in “RiV”. N signifies the tunnel address on PE2, and this is numerically equivalent to the tunnel endpoint destination in the transport network 123.1.1.4. It would not be correct to say that they are the same IP addresses. They are two distinct addresses by virtue of being in different address spaces. They are however numerically equivalent. - Another advantage of placing the tunnel overlay network in a RiV is that an operator introducing a new VPN service does not have to obtain new addresses to number the tunnel interface on each PE. Instead, an existing IP address is used and the tunnel interface is placed in the RiV. A service provider deploying a VPN service in conjunction with a number of service providers would also find this beneficial since no extra effort is required to coordinate addressing on the tunnel overlay.
- Placing the tunnel interface in a pre-configured VRF allows the operator to shift VPN traffic across the service provider network through different tunnel interfaces with different output features applied based on attributes of the advertised prefix other than the next hop. For each such output feature set, a RiV and a corresponding tunnel would be created.
- Because the RiV for a prefix is selected when the VPNv4 update is received, an operator could decide that traffic going to prefixes advertised with community A should be resolved in RiV A and are consequently transported through
tunnel 1 withoutput feature set 1. Prefixes with community B also behind PE2 should be resolved in RiV B and consequently transported throughtunnel 2 withoutput feature set 2.Tunnel - VPNv4 prefixes learnt from remote PE routers and which should be transported via a tunnel are identified and set to resolve via the RiV. This means that the next hop N would be looked up in the RiV in order to identify the immediate next hop where traffic should be forwarded. This may be implemented through a route-map by extending the “set ip next-hop” command to “set ip next-hop in-vrf <RiV>”. This route-map can be selectively applied to prefixes and peers such that only traffic to specific prefixes would be tunneled. Any prefixes not selected would be switched across the service provider network. This facility allows tunneling to be used in conjunction with switching.
- A default route out of the tunnel interface might need to be configured if summarizing the advertised next hops of all PE routers is not possible. After the VPNv4 prefix is installed in the customer VRF, CEF (Cisco Express Forwarding) may be used to resolve the prefix in RiV.
- A special property of the RiV is that when a route is received which is configured to be resolved in the RiV, and such a route is resolved, this action is taken to be a tunnel endpoint discovery event and triggers the creation of a tunnel endpoint (if this endpoint has not already been created). In other words, when a prefix is installed in a customer VRF and resolves through a RiV out of a multipoint tunnel, the next hop used signifies a new tunnel endpoint. When a tunnel endpoint is discovered a number of things happen. The tunnel endpoint database for the tunnel is updated with the new endpoint information. The forwarding infrastructure for this endpoint is also prepared. In CEF, this involves the creation of an adjacency out of the tunnel interface. A tunnel adjacency contains a partially precomputed encapsulation string, which is pre-pended to any packet being switched through the adjacency. In one implementation when the tunnel used is a GRE tunnel, this is made up of an IP header followed by a GRE header. The IP header contains the destination in the transport network that would lead to the correct tunnel endpoint. In the example below, this destination is 7B010103. Below is an example of the partially pre-computed MAC string and the significance of the fields;
mac_string - 4500000000000000FF2FC3C87B0101017B01010300008847 ================= IP Header ================ 45000000 00000000 FF2FC3C8 7B010101 7B010103 Version & Header Length FF Time To Live 2F Protocol indicating GRE header to follow C3C8 Checksum ... followed by source and destination 7B010101 7B010103 ================ GRE Header ================ 00008847 - Indicate MPLS Payload Follows
- Once this stage is completed and the tunnel endpoint forwarding has been setup, VPN traffic can be switched through the tunnel overlay to the remote PE routers and on to the destination.
- CEF switching onto a tunnel can be implemented using a technique known as double or recursive switching. When a packet is received from a CE router, and the IP lookup in the VRF returns the tunnel adjacency, the packet is encapsulated in an IP and a GRE header retrieved from the adjacency as a string, for instance as shown in
FIG. 3 . The IP header contains the destination IP address from the transport network that is numerically equivalent to the IP address of the next hop on the tunnel network. This is computed when the tunnel endpoint was discovered i.e. when BGP installed the prefix in the VRF and resolved the next hop in the RiV. Once the string has been pre-pended and the IP header total length and header checksum fields computed, the packet is then reinserted at the top of the ip switching path and is switched based on the contents of the transport address space towards the remote PE. At this point, the packet looks like one that originated on the PE and is destined to the remote PE and will be switched through the core as a normal IP packet. - When the remote PE receives the packet, the packet is inspected and identified as a tunneled packet. The receiving tunnel interface is a tunnel interface. The tunnel and VPN header on the packet indicate the table to be used to perform the IP look up on the payload IP packet. The PE router then strips of the tunnel header information (and any related header information) to reveal the original IP payload packet and then deals with the IP packet in the normal manner.
- In order to clarify the description above, it is best to illustrate with an example using output collected from a prototype implementation. Consider
FIG. 6 .PE Right 22 is connected to a customer site and learns prefix 124.2.2.0/24 from the site. The VRF on the interface connected to the customer site is configured with an export route-target of 100:1 and a route distinguisher of 1:1.PE Right 22 advertises the VPNv4 update with a next hop of 123.1.1.2 (the transport address of PE Right).PE Left 20 will interpret this as a next hop on the tunnel overlay network in the RiV. PE Left will also assume that 123.1.1.2 on the tunnel overlay in the RiV can be reached by tunneling to destination 123.1.1.2 in theIP transport network 40. This is because the IP address of the tunnel interface of PE Right is numerically equivalent to the tunnel endpoint address on the IP transport network. IfPE Left 20 needs to tunnel VPN traffic toPE Right 22, the destination address in the outer IP header should be 123.1.1.2. - In Cisco Internet Operating Software (IOS), a prefix would be selected for tunnel transport on PE Left by applying the “set ip next-hop in-vrf <my_RiV>” (where my_RiV would be a preconfigured RiV VRF) when the BGP update with the prefix is received from PE Right.
-
- Route-map applied to neighbor:
- neighbor 123.1.1.2 route-map ROUTE_MAP_FOR_IPVPN_ROUTES in Route-map defined:
- route-
map ROUTE_MAP_FOR_IPVPN_ROUTES permit 10 set ip next-hop in-vrf <my_RiV>
- Note that the route map in this example matches all prefixes since no match statement is configured. This implies that all VPNv4 BGP updates will be resolved in my_RiV and use the tunnel as transport through the service provider network. The filter could be more stringent and could operate by matching prefixes, communities etc so as to apply only to specific BGP updates. Alternatively, a default VRF may be defined which refers to the same address space.
- This results in a BGP entry as follows;
- ccassar-72a#sh ip bgp vpnv4 vrf red 124.2.2.0
-
- BGP routing table entry for 1:1:124.2.2.0/24,
version 9 - Paths: (1 available, best #1)
- Not advertised to any peer
- Local
- 123.1.1.2 in “my_RiV” from 123.1.1.2 (123.1.1.2)
- Origin incomplete, metric 0,
localpref 100, valid, internal, best - Extended Community: RT: 100:1
And a VRF entry; - ccassar-72a#sh ip route vrf red 124.2.2.0
- Routing entry for 124.2.2.0/24
- Known via “
bgp 100”, distance 200, metric 0, type internal - Last update from 123.1.1.2 00:40:11 ago
- Routing Descriptor Blocks:
- 123.1.1.2 (my_RiV), from 123.1.1.2, 00:40:11 ago
- Route metric is 0, traffic share count is 1
- AS Hops 0
And a CEF entry; - ccassar-72a#sh ip cef vrf red 124.2.2.0
- 124.2.2.0/24, version 18,
epoch 0 - 0 packets, 0 bytes
- tag information set
- local tag: VPN-route-head
- via 123.1.1.2, 0 dependencies, recursive
- next hop 123.1.1.2, Tunnel1 via 123.1.1.21/32 (my_RiV)
- valid adjacency
- tag rewrite with Tul, 123.1.1.2, tags imposed: {22}
- BGP routing table entry for 1:1:124.2.2.0/24,
- 123.1.1.2 is resolved by looking up the next hop in the special VRF “my_RiV”. This resolves to a next hop on the tunnel since all next hops are configured to be reachable on the tunnel network. E.g. using a default route out of the tunnel interface.
- The action of resolving a prefix via the tunnel interface triggers tunnel endpoint discovery/creation which creates the tunnel endpoint and associated prefixes through the tunnel including the creation of a /32 prefix in a Forwarding Information Base (FIB) pointing to a tunnel adjacency to 123.1.1.2. The encapsulation string in the adjacency contains an outer IP header and other headers relevant to the tunneling mechanism and the VPN application e.g. the GRE header and an MPLS label. The destination address in the outer IP header contains the IP Address 123.1.1.2. The second IP lookup of the double switch in the forwarding path happens in the global FIB.
- When the packet is received at
PE Right 22, the destination IP address 123.1.1.2 indicates that the packet is destined to a local interface. The protocol type is identified e.g. GRE and the interface is determined to be a tunnel interface dedicated to L3 VPN transport. The VPN label (value 22) is looked up in a vpn tableland is found to be associated with the VRF “customerII”. This implies that after the outer IP,tunnel and application headers have been stripped, the remaining payload will be reinserted at the top of the IP switch path. - Another example of how the invention might fit in as one component of an overall solution that might be of interest to a service provider will now be considered.
- Say two service providers both sell a VPN service based on IP tunnels and wish to cooperate (for instance to service a larger geographic area). An InterAS VPN service may be provided (AS here stands for Autonomous System). Multihop eBGP VPNv4 updates can be exchanged using the feature that allows such updates to be propagated with unchanged next hop address.
- VPNv4 eBGP updates are exchanged between routers in the cooperating autonomous systems. Typically, these VPNv4 eBGP updates are exchanged between route-reflectors configured with a multihop eBGP session as shown in
FIG. 7 . Because the next hop can be propagated unchanged across the eBGP session as learnt from an iBGP session, the next hop will be that of the originating PE and thus the tunnel endpoint used for the advertised VPNv4 prefix will be that of the originating PE even from PE routers in the remote AS. Intermediate service providers do not need to cooperate beyond providing IP connectivity between the autonomous systems. -
FIG. 7 shows three autonomous systems SP1, SP2 and SP3. Consider PE3 24 in Service Provider SP3. This PE would advertise any prefixes learnt from CE routers using an IP address in the transport network as the next hop address. This prefix would be propagated to the route reflector in SP3 as a VPNv4 update. The route reflector would reflect the VPNv4 updates to the rest of the PE routers in SP3 and it would also propagate the VPNv4 updates to the route reflectors in SP1 and SP2. The next hop would still be of an interface on PE3. The router reflectors at SP2 and SP1 would in turn propagate the update to all the PE routers in those autonomous systems. So PE2 would receive the VPNv4 prefix from PE3. At this point, the invention is put to use by choosing to interpret the next hop address as pertaining to the RiV. When the advertised prefix is resolved, it turns out to be via the tunnel interface with the endpoint address resolving to the next hop address in the global routing table. All traffic destined to the prefix would be tunneled directly to the next hop advertised by PE3. -
FIG. 8 shows a schematic representation of the multiple address spaces used in the invention. Afirst address space 800 and asecond address space 802 are shown. Thefirst address space 800 represents the VRF of a given node (e.g. router PE1). Thisfirst address space 800 includes the destination address (e.g. CE2, CE3 etc.) and information as to how traffic for the destination is to be forwarded through the network (e.g. via L(my_RiV)). - The information relating to forwarding of traffic for the destination has an address L and an indicator (my_RiV) that tells the PE to look at address L in the
second address space 802. - The
second address space 802 has an address (e.g. L) and interface information (e.g. on tunnel 1). The address L is the tunneling address for traffic received at PE1 and destined for CE2 and indicates an address in the first address space. - In the first address space the routing information for address L is then resolved to an address in the transport layer (e.g. L via P1).
- Considering traffic destined for CE2. On receipt of traffic destined for CE2, PE1 looks up in the
VRF 800 for the forwarding information for CE2. FromVRF 800 PE1 looks up CE2 and finds the information “via L(my_RiV)”. In response, PE1 looks in theaddress space 802 labelled my_RiV, looks up L (as given in the VRF) and finds the information “ontunnel 1”. PE1 then looks in thefirst address space 800 to find the next hop for traffic to destination L and finds that it is P1. PE1 then encapsulates the traffic for CE2 in a tunnel header that has as its destination address L (as given in (my_RiV)) and a label that indicates that it is tunneled ontunnel 1 and forwards this onto the next hop P1. - The encapsulated traffic is then forwarded to L without the payload of the traffic being examined.
- The VRF may also include forwarding information for traffic that is not to be tunneled. For instance, as shown in
FIG. 8 , traffic for CE5 and CE6 does not require to be tunneled. In the case of CE5, traffic for CE5 is to be forwarded in a normal switched manner via address Q and Q can be reached via P1. This information is wholly stored within thefirst address space 800. PE1 therefore switches traffic for CE5 with a destination node Q and this traffic is first switched to P1. This is also the case for destination CE6 as shown inFIG. 8 , where traffic for CE6 is via node R and is switched via node P1. - Thus, for traffic that does not require tunneling, the VRF may contain explicit information telling the PE1 to look in the VRF for the forwarding information (as is the case for CE5) or the default address space may be set to be VRF is specified) or there is no forwarding information and the PE looks in the VPF by default for the next hop.
- In the foregoing specification, the invention has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense. For instance, the invention has been described with particular reference to VPNs. However the invention is applicable to any internetworking system in which traffic is to be tunneled and in particular to any internetworking system in which the internetwork layer IP address of a tunnel endpoint in a second address space corresponds to a numerically equivalent link layer IP address in a first address space.
Claims (17)
1. A router for directing traffic on a network, the router comprising:
a first address space including information relating to a destination address and information relating to forwarding of traffic for the destination address; and
a second address space including information relating to tunnel endpoint addresses, a tunnel endpoint address in the second address space being related to the forwarding information in the first address space.
2. A router according to claim 1 , wherein all addresses in the second address space are directly connected to a multi-point tunnel network.
3. A router according to claim 1 , wherein the tunnel endpoint address in the second address space is numerically identical to the address in the first address space.
4. A router according to claim 1 , wherein the address in the first address space is a link layer IP address and the tunnel endpoint address in the second address space is an internetwork layer IP address.
5. A router according to claim 1 , wherein a multipoint tunnel network is defined in the second address space.
6. A router according to claim 1 , wherein a routing protocol update is used to distribute routing information between nodes of the network.
7. A router according to claim 1 , wherein the receipt of an advertised next hop in a routing protocol update triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
8. A router according to claim 1 , wherein a plurality of second address spaces are provided, corresponding to the definition of multiple tunnels.
9. A router for directing traffic via a network, the network including a plurality of interconnected nodes, the router comprising:
a first address space for storing information received from nodes of the network, the information indicating a destination address and information as to how traffic for the destination address is to be forwarded via a specified node of the network; and
a second address space for storing information relating to how traffic is to be tunneled to a node of the network, the information indicating a destination address, the destination address in the second address space being related to an address of the specified node in the first address space;
wherein on receipt of routing information for the destination, the router re-directing the traffic for the destination by changing the address space of the next node from the first address space to the second address space.
10. A method of creating a virtual private network via one or more networks owned by one or more internet service providers, the method comprising:
receiving information at a first node of the network that traffic for a destination is to the tunneled via a second node of the network, said information indicating that the traffic for the destination is to be tunneled to the node, said destination being part of a virtual private network; and
on receipt of routing information for the destination in the virtual private network, re-directing the traffic for the destination by changing the address space of the next node from a first address space to a second address space.
11. A method according to claim 10 , wherein the information is in a routing update received via the network.
12. A method of redirecting traffic to be tunneled across a network, the method comprising:
deriving a link layer IP address of a multipoint tunnel endpoint from an internetwork layer IP address by making the link layer address numerically equivalent to the internetwork layer address, wherein the link layer address is in a first address space that is distinct from a second address space of the internetwork address; and
redirecting traffic by changing the address space of the next node from the first address space to the second address space.
13. A method according to claim 12 , wherein information relating to a node to be directed to is received in a routing advertisement.
14. A method according to claim 13 , wherein a multipoint tunnel network is defined in the second address space.
15. A method according to claim 14 , wherein a routing protocol update is used to distribute routing information between nodes of the network.
16. A method according to claim 14 , wherein the receipt of an advertised next hop in a routing protocol update triggers the creation of a tunnel endpoint with an IP address in the second address space corresponding to the IP address in the first address space.
17. A method according to claim 14 , wherein a plurality of second address spaces is provided, corresponding to the definition of multiple tunnels.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/652,359 US20070112975A1 (en) | 2002-10-02 | 2007-01-10 | Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/270,409 US7185107B1 (en) | 2002-10-02 | 2002-10-02 | Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks |
US11/652,359 US20070112975A1 (en) | 2002-10-02 | 2007-01-10 | Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/270,409 Division US7185107B1 (en) | 2002-10-02 | 2002-10-02 | Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks |
Publications (1)
Publication Number | Publication Date |
---|---|
US20070112975A1 true US20070112975A1 (en) | 2007-05-17 |
Family
ID=37769767
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/270,409 Expired - Fee Related US7185107B1 (en) | 2002-10-02 | 2002-10-02 | Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks |
US11/652,359 Abandoned US20070112975A1 (en) | 2002-10-02 | 2007-01-10 | Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/270,409 Expired - Fee Related US7185107B1 (en) | 2002-10-02 | 2002-10-02 | Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks |
Country Status (1)
Country | Link |
---|---|
US (2) | US7185107B1 (en) |
Cited By (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050243839A1 (en) * | 2004-04-30 | 2005-11-03 | Alcatel | Disabling mutually recursive routes |
US20070288550A1 (en) * | 2005-06-07 | 2007-12-13 | Kabushiki Kaisha Toshiba | Information Processing Server, Remote Control System, and Remote Control Method |
US20090164835A1 (en) * | 2007-12-19 | 2009-06-25 | James Uttaro | Method and system for survival of data plane through a total control plane failure |
US20090190591A1 (en) * | 2008-01-30 | 2009-07-30 | Ganesh Chennimalai Sankaran | Obtaining Information on Forwarding Decisions for a Packet Flow |
US20100278181A1 (en) * | 2004-11-16 | 2010-11-04 | Juniper Networks, Inc. | Point-to-multi-point/non-broadcasting mutli-access vpn tunnels |
US20100329268A1 (en) * | 2008-02-13 | 2010-12-30 | Telefonaktiebolaget L M Ericsson (Publ) | Overlay Network Node And Overlay Networks |
US20110044351A1 (en) * | 2009-08-19 | 2011-02-24 | Brocade Communications Systems, Inc. | Techniques for efficiently updating routing information upon shortest path tree computation |
US20110069706A1 (en) * | 2009-09-21 | 2011-03-24 | Brocade Communications Systems, Inc. | Techniques for next-hop optimization |
US20110149979A1 (en) * | 2009-12-17 | 2011-06-23 | At&T Intellectual Property I, L.P. | Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same |
US20120215933A1 (en) * | 2009-10-26 | 2012-08-23 | Zte Corporation | Method for performing dynamic tunnel message forwarding and switch thereof |
US20120294166A1 (en) * | 2011-05-20 | 2012-11-22 | Brocade Communications Systems, Inc. | Techniques for efficiently updating routing information |
US8458467B2 (en) | 2005-06-21 | 2013-06-04 | Cisco Technology, Inc. | Method and apparatus for adaptive application message payload content transformation in a network infrastructure element |
US8606939B1 (en) * | 2005-11-14 | 2013-12-10 | Cisco Technology, Inc. | Method of configuring an on-demand secure connection between a control site and a client network |
US20140056300A1 (en) * | 2012-08-21 | 2014-02-27 | Futurewei Technologies, Inc. | Method of Multiprotocol Label Switching Encapsulation for United Router Farm Forwarding |
US20140075243A1 (en) * | 2012-09-12 | 2014-03-13 | International Business Machines Corporation | Tunnel health check mechanism in overlay network |
CN103873491A (en) * | 2012-12-07 | 2014-06-18 | 华耀(中国)科技有限公司 | VPN safe browser system and setting method |
US20150215810A1 (en) * | 2010-10-05 | 2015-07-30 | Cisco Technology, Inc. | System and method for offloading data in a communication system |
US9197489B1 (en) | 2012-03-30 | 2015-11-24 | Amazon Technologies, Inc. | Live migration of virtual machines in a hybrid network environment |
US9479433B1 (en) * | 2013-04-30 | 2016-10-25 | Cisco Technology, Inc. | Interconnecting virtual private networks |
US9722933B2 (en) | 2011-06-14 | 2017-08-01 | Cisco Technology, Inc. | Selective packet sequence acceleration in a network environment |
US9928107B1 (en) | 2012-03-30 | 2018-03-27 | Amazon Technologies, Inc. | Fast IP migration in a hybrid network environment |
US10027589B1 (en) * | 2016-06-30 | 2018-07-17 | Juniper Network, Inc. | Apparatus, system, and method for achieving redundancy and load-balancing across communication layers within networks |
US10110433B2 (en) | 2011-01-04 | 2018-10-23 | Cisco Technology, Inc. | System and method for exchanging information in a mobile wireless network environment |
US10212076B1 (en) * | 2012-12-27 | 2019-02-19 | Sitting Man, Llc | Routing methods, systems, and computer program products for mapping a node-scope specific identifier |
US10313235B2 (en) * | 2015-07-13 | 2019-06-04 | Futurewei Technologies, Inc. | Internet control message protocol enhancement for traffic carried by a tunnel over internet protocol networks |
US10367737B1 (en) | 2012-12-27 | 2019-07-30 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10397100B1 (en) * | 2012-12-27 | 2019-08-27 | Sitting Man, Llc | Routing methods, systems, and computer program products using a region scoped outside-scope identifier |
US10397101B1 (en) * | 2012-12-27 | 2019-08-27 | Sitting Man, Llc | Routing methods, systems, and computer program products for mapping identifiers |
US10404583B1 (en) * | 2012-12-27 | 2019-09-03 | Sitting Man, Llc | Routing methods, systems, and computer program products using multiple outside-scope identifiers |
US10404582B1 (en) | 2012-12-27 | 2019-09-03 | Sitting Man, Llc | Routing methods, systems, and computer program products using an outside-scope indentifier |
US10411998B1 (en) * | 2012-12-27 | 2019-09-10 | Sitting Man, Llc | Node scope-specific outside-scope identifier-equipped routing methods, systems, and computer program products |
US10411997B1 (en) * | 2012-12-27 | 2019-09-10 | Sitting Man, Llc | Routing methods, systems, and computer program products for using a region scoped node identifier |
US10419335B1 (en) * | 2012-12-27 | 2019-09-17 | Sitting Man, Llc | Region scope-specific outside-scope indentifier-equipped routing methods, systems, and computer program products |
US10419334B1 (en) * | 2012-12-27 | 2019-09-17 | Sitting Man, Llc | Internet protocol routing methods, systems, and computer program products |
US10447575B1 (en) | 2012-12-27 | 2019-10-15 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10587505B1 (en) | 2012-12-27 | 2020-03-10 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US20210336866A1 (en) * | 2019-01-07 | 2021-10-28 | Huawei Technologies Co., Ltd. | Route Advertisement Method, Device, and System |
US20210336870A1 (en) * | 2019-01-07 | 2021-10-28 | Huawei Technologies Co., Ltd. | Route Recursion Control Method, Device, and System |
Families Citing this family (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040258056A1 (en) * | 2001-11-13 | 2004-12-23 | Tomohiro Ishihara | Provider connection system, packet exchange apparatus thereof, dns server, packet exchange method, and computer program thereof |
US7457277B1 (en) * | 2002-09-20 | 2008-11-25 | Mahi Networks, Inc. | System and method for network layer protocol routing in a peer model integrated optical network |
US8737200B1 (en) * | 2003-06-25 | 2014-05-27 | Rockstar Consortium Us Lp | MPLS/IP pseudo-wire and layer-2 virtual private network resiliency |
US8074270B1 (en) * | 2003-06-30 | 2011-12-06 | Juniper Networks, Inc. | Automatic configuration of network tunnels |
US20050015511A1 (en) * | 2003-07-02 | 2005-01-20 | Nec Laboratories America, Inc. | Accelerated large data distribution in overlay networks |
US7330907B2 (en) | 2003-10-02 | 2008-02-12 | Internet Associates, Llc | Methods, computer systems, and computer readable media for controlling the status of network address space |
US20050086469A1 (en) * | 2003-10-17 | 2005-04-21 | Microsoft Corporation | Scalable, fault tolerant notification method |
US7586922B2 (en) * | 2004-03-12 | 2009-09-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Providing higher layer packet/frame boundary information in GRE frames |
US7519079B2 (en) * | 2004-09-08 | 2009-04-14 | Telefonaktiebolaget L M Ericsson (Publ) | Generic routing encapsulation over point-to-point protocol |
US7894445B2 (en) * | 2004-10-13 | 2011-02-22 | Csc Holdings, Inc. | Method and system for redirecting networked traffic |
US20060133265A1 (en) * | 2004-12-22 | 2006-06-22 | Alcatel | Virtual private networking methods and systems |
US7408941B2 (en) * | 2005-06-14 | 2008-08-05 | Cisco Technology, Inc. | Method for auto-routing of multi-hop pseudowires |
US8595295B2 (en) * | 2006-06-30 | 2013-11-26 | Google Inc. | Method and system for determining and sharing a user's web presence |
US8179905B1 (en) * | 2006-09-27 | 2012-05-15 | At&T Intellectual Property Ii, L.P. | Method and apparatus for providing communication for virtual private networks |
WO2008063858A2 (en) * | 2006-11-21 | 2008-05-29 | Nortel Networks Limited | Supporting bgp based ip-vpn in a routed network |
US8929364B2 (en) * | 2007-11-06 | 2015-01-06 | Avaya Inc. | Supporting BGP based IP-VPN in a routed network |
US8743740B2 (en) * | 2008-04-08 | 2014-06-03 | At&T Intellectual Property I, L.P. | Methods and apparatus to implement a partial mesh virtual private local area network service |
US7924830B2 (en) | 2008-10-21 | 2011-04-12 | At&T Intellectual Property I, Lp | System and method to route data in an anycast environment |
JP5310262B2 (en) * | 2009-05-27 | 2013-10-09 | 日本電気株式会社 | Server apparatus, transmission system, and GRE encapsulated transfer method used therefor |
US20110087789A1 (en) * | 2009-10-13 | 2011-04-14 | Nokia Corporation | Subscription based network routing tables and enforcement for overlay networks |
US8161190B2 (en) * | 2009-12-14 | 2012-04-17 | At&T Intellectual Property I, L.P. | System and method to manage static internet protocol addresses |
CN101795235B (en) * | 2010-03-18 | 2014-03-19 | 中兴通讯股份有限公司 | Route map treatment method and operator edge device |
US8799510B2 (en) | 2011-07-05 | 2014-08-05 | Cisco Technology, Inc. | Managing host routes for local computer networks with a plurality of field area routers |
US9888028B2 (en) * | 2013-05-03 | 2018-02-06 | Centurylink Intellectual Property Llc | Combination of remote triggered source and destination blackhole filtering |
US9565034B2 (en) * | 2013-12-11 | 2017-02-07 | Cisco Technology, Inc. | System and method for scalable inter-domain overlay networking |
US9825777B2 (en) * | 2015-06-23 | 2017-11-21 | Cisco Technology, Inc. | Virtual private network forwarding and nexthop to transport mapping scheme |
US9838315B2 (en) * | 2015-07-29 | 2017-12-05 | Cisco Technology, Inc. | Stretched subnet routing |
US10979392B2 (en) | 2017-10-19 | 2021-04-13 | Bank Of America Corporation | Preventing unauthorized access to secure enterprise information systems using a multi-filtering and randomizing control system |
US10698752B2 (en) | 2017-10-26 | 2020-06-30 | Bank Of America Corporation | Preventing unauthorized access to secure enterprise information systems using a multi-intercept system |
US10680945B1 (en) | 2018-09-27 | 2020-06-09 | Amazon Technologies, Inc. | Extending overlay networks to edge routers of a substrate network |
US10958561B1 (en) * | 2019-03-25 | 2021-03-23 | Juniper Networks, Inc. | Utilizing egress peer engineering to determine optimized traffic plans and to implement an optimized traffic plan |
US11444804B2 (en) | 2019-11-21 | 2022-09-13 | Oracle International Corporation | System and method for preventing switch loops in layer-2 networks |
US11463276B2 (en) | 2019-11-21 | 2022-10-04 | Oracle International Corporation | System and method for providing a multi-dimensional ring-lattice network topology |
CN113630300B (en) * | 2020-05-09 | 2023-08-08 | 华为技术有限公司 | Method and node for message transmission |
Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020032871A1 (en) * | 2000-09-08 | 2002-03-14 | The Regents Of The University Of Michigan | Method and system for detecting, tracking and blocking denial of service attacks over a computer network |
US20020080819A1 (en) * | 2000-10-30 | 2002-06-27 | Shiao-Li Tsao | Packet tunneling method in mobile data communication network |
US20020133618A1 (en) * | 2001-03-14 | 2002-09-19 | Desai Bhavesh N. | Tunneling system for a cable data service |
US20030046587A1 (en) * | 2001-09-05 | 2003-03-06 | Satyam Bheemarasetti | Secure remote access using enterprise peer networks |
US20030086422A1 (en) * | 2001-11-02 | 2003-05-08 | Netvmg, Inc. | System and method to provide routing control of information over networks |
US20030099232A1 (en) * | 2001-11-26 | 2003-05-29 | Hideyuki Kudou | Router having a function to prevent a packet sequence inversion |
US20030108041A1 (en) * | 2001-12-07 | 2003-06-12 | Nortell Networks Limited | Tunneling scheme optimized for use in virtual private netwoks |
US6591306B1 (en) * | 1999-04-01 | 2003-07-08 | Nec Corporation | IP network access for portable devices |
US20030158962A1 (en) * | 2002-02-21 | 2003-08-21 | John Keane | Methods and systems for resolving addressing conflicts based on tunnel information |
US20040001433A1 (en) * | 2001-07-18 | 2004-01-01 | Gram Charles Andrew | Interactive control of network devices |
US20040030804A1 (en) * | 1999-03-12 | 2004-02-12 | Nortel Networks Limited | Multi-cast enabled address resolution protocol (ME-ARP) |
US20040047322A1 (en) * | 2002-04-15 | 2004-03-11 | O'neill Alan | Methods and apparatus for tunneling between different addressing domains |
US20040064581A1 (en) * | 2002-07-11 | 2004-04-01 | Sony Corporation | Data forwarding controller communication terminal apparatus, data communication system and method, and computer program |
US20050165834A1 (en) * | 2001-06-08 | 2005-07-28 | Nadeau Thomas D. | Method and apparatus for controlled access of requests from virtual private network devices to managed information objects using simple network management protocol and multi-topology routing |
US20050190758A1 (en) * | 2004-03-01 | 2005-09-01 | Cisco Technology, Inc. | Security groups for VLANs |
US20060007929A1 (en) * | 2001-03-14 | 2006-01-12 | Desai Bhavesh N | Transmit and receive system for a cable data service |
US7068661B1 (en) * | 1999-07-13 | 2006-06-27 | Alcatel Canada Inc. | Method and apparatus for providing control information in a system using distributed communication routing |
US20060288208A1 (en) * | 2005-06-21 | 2006-12-21 | Vinod Dashora | Method and apparatus for adaptive application message payload content transformation in a network infrastructure element |
US20070253346A1 (en) * | 2006-05-01 | 2007-11-01 | Cisco Technology, Inc. | Detection of potential forwarding loops in bridged networks |
US7596110B2 (en) * | 2002-02-28 | 2009-09-29 | Telefonaktiebolaget L M Ericsson (Publ) | Routing in virtual private network |
-
2002
- 2002-10-02 US US10/270,409 patent/US7185107B1/en not_active Expired - Fee Related
-
2007
- 2007-01-10 US US11/652,359 patent/US20070112975A1/en not_active Abandoned
Patent Citations (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040030804A1 (en) * | 1999-03-12 | 2004-02-12 | Nortel Networks Limited | Multi-cast enabled address resolution protocol (ME-ARP) |
US6591306B1 (en) * | 1999-04-01 | 2003-07-08 | Nec Corporation | IP network access for portable devices |
US7068661B1 (en) * | 1999-07-13 | 2006-06-27 | Alcatel Canada Inc. | Method and apparatus for providing control information in a system using distributed communication routing |
US20020032871A1 (en) * | 2000-09-08 | 2002-03-14 | The Regents Of The University Of Michigan | Method and system for detecting, tracking and blocking denial of service attacks over a computer network |
US20020080819A1 (en) * | 2000-10-30 | 2002-06-27 | Shiao-Li Tsao | Packet tunneling method in mobile data communication network |
US20060007929A1 (en) * | 2001-03-14 | 2006-01-12 | Desai Bhavesh N | Transmit and receive system for a cable data service |
US20020133618A1 (en) * | 2001-03-14 | 2002-09-19 | Desai Bhavesh N. | Tunneling system for a cable data service |
US20050165834A1 (en) * | 2001-06-08 | 2005-07-28 | Nadeau Thomas D. | Method and apparatus for controlled access of requests from virtual private network devices to managed information objects using simple network management protocol and multi-topology routing |
US20040001433A1 (en) * | 2001-07-18 | 2004-01-01 | Gram Charles Andrew | Interactive control of network devices |
US20030046587A1 (en) * | 2001-09-05 | 2003-03-06 | Satyam Bheemarasetti | Secure remote access using enterprise peer networks |
US20030086422A1 (en) * | 2001-11-02 | 2003-05-08 | Netvmg, Inc. | System and method to provide routing control of information over networks |
US20030099232A1 (en) * | 2001-11-26 | 2003-05-29 | Hideyuki Kudou | Router having a function to prevent a packet sequence inversion |
US20030108041A1 (en) * | 2001-12-07 | 2003-06-12 | Nortell Networks Limited | Tunneling scheme optimized for use in virtual private netwoks |
US20030158962A1 (en) * | 2002-02-21 | 2003-08-21 | John Keane | Methods and systems for resolving addressing conflicts based on tunnel information |
US7596110B2 (en) * | 2002-02-28 | 2009-09-29 | Telefonaktiebolaget L M Ericsson (Publ) | Routing in virtual private network |
US20040047322A1 (en) * | 2002-04-15 | 2004-03-11 | O'neill Alan | Methods and apparatus for tunneling between different addressing domains |
US20040064581A1 (en) * | 2002-07-11 | 2004-04-01 | Sony Corporation | Data forwarding controller communication terminal apparatus, data communication system and method, and computer program |
US20050190758A1 (en) * | 2004-03-01 | 2005-09-01 | Cisco Technology, Inc. | Security groups for VLANs |
US20060288208A1 (en) * | 2005-06-21 | 2006-12-21 | Vinod Dashora | Method and apparatus for adaptive application message payload content transformation in a network infrastructure element |
US20070253346A1 (en) * | 2006-05-01 | 2007-11-01 | Cisco Technology, Inc. | Detection of potential forwarding loops in bridged networks |
Cited By (84)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7423974B2 (en) | 2004-04-30 | 2008-09-09 | Alcatel | Disabling mutually recursive routes |
US20050243839A1 (en) * | 2004-04-30 | 2005-11-03 | Alcatel | Disabling mutually recursive routes |
US20120137358A1 (en) * | 2004-11-16 | 2012-05-31 | Juniper Networks, Inc. | Point-to-multi-point/non-broadcasting multi-access vpn tunnels |
US8127349B2 (en) * | 2004-11-16 | 2012-02-28 | Juniper Networks, Inc. | Point-to-multi-point/non-broadcasting multi-access VPN tunnels |
US20100278181A1 (en) * | 2004-11-16 | 2010-11-04 | Juniper Networks, Inc. | Point-to-multi-point/non-broadcasting mutli-access vpn tunnels |
US8631087B2 (en) * | 2005-06-07 | 2014-01-14 | Kabushiki Kaisha Toshiba | Information processing server, remote control system, and remote control method using a tunnel to determine a service on another network and executing the service without using the tunnel |
US20070288550A1 (en) * | 2005-06-07 | 2007-12-13 | Kabushiki Kaisha Toshiba | Information Processing Server, Remote Control System, and Remote Control Method |
US8458467B2 (en) | 2005-06-21 | 2013-06-04 | Cisco Technology, Inc. | Method and apparatus for adaptive application message payload content transformation in a network infrastructure element |
US8606939B1 (en) * | 2005-11-14 | 2013-12-10 | Cisco Technology, Inc. | Method of configuring an on-demand secure connection between a control site and a client network |
US8667174B2 (en) | 2007-12-19 | 2014-03-04 | At&T Intellectual Property I, L.P. | Method and system for survival of data plane through a total control plane failure |
US20090164835A1 (en) * | 2007-12-19 | 2009-06-25 | James Uttaro | Method and system for survival of data plane through a total control plane failure |
US8396988B2 (en) * | 2007-12-19 | 2013-03-12 | At&T Intellectual Property I, L.P. | Method and system for survival of data plane through a total control plane failure |
US7817636B2 (en) * | 2008-01-30 | 2010-10-19 | Cisco Technology, Inc. | Obtaining information on forwarding decisions for a packet flow |
US20090190591A1 (en) * | 2008-01-30 | 2009-07-30 | Ganesh Chennimalai Sankaran | Obtaining Information on Forwarding Decisions for a Packet Flow |
US20100329268A1 (en) * | 2008-02-13 | 2010-12-30 | Telefonaktiebolaget L M Ericsson (Publ) | Overlay Network Node And Overlay Networks |
US8817595B2 (en) * | 2008-02-13 | 2014-08-26 | Telefonaktiebolaget L M Ericsson (Publ) | Overlay network node and overlay networks |
US9106512B2 (en) | 2009-08-19 | 2015-08-11 | Brocade Communications Systems, Inc. | Techniques for efficiently updating routing information upon shortest path tree computation |
US8565247B2 (en) | 2009-08-19 | 2013-10-22 | Brocade Communications Systems, Inc. | Techniques for efficiently updating routing information upon shortest path tree computation |
US20110044351A1 (en) * | 2009-08-19 | 2011-02-24 | Brocade Communications Systems, Inc. | Techniques for efficiently updating routing information upon shortest path tree computation |
US20110069706A1 (en) * | 2009-09-21 | 2011-03-24 | Brocade Communications Systems, Inc. | Techniques for next-hop optimization |
US8873563B2 (en) | 2009-09-21 | 2014-10-28 | Brocade Communications Systems, Inc. | Techniques for next-hop optimization |
US20120215933A1 (en) * | 2009-10-26 | 2012-08-23 | Zte Corporation | Method for performing dynamic tunnel message forwarding and switch thereof |
US9088498B2 (en) * | 2009-12-17 | 2015-07-21 | At&T Intellectual Property I, L.P. | Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same |
US8761185B2 (en) * | 2009-12-17 | 2014-06-24 | At&T Intellectual Property I, L.P. | Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same |
US20110149979A1 (en) * | 2009-12-17 | 2011-06-23 | At&T Intellectual Property I, L.P. | Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same |
US20140269730A1 (en) * | 2009-12-17 | 2014-09-18 | At&T Intellectual Property I, L.P. | Communication networks that provide a common transport domain for use by multiple service domains and methods and computer program products for using the same |
US9973961B2 (en) * | 2010-10-05 | 2018-05-15 | Cisco Technology, Inc. | System and method for offloading data in a communication system |
US20150215810A1 (en) * | 2010-10-05 | 2015-07-30 | Cisco Technology, Inc. | System and method for offloading data in a communication system |
US10110433B2 (en) | 2011-01-04 | 2018-10-23 | Cisco Technology, Inc. | System and method for exchanging information in a mobile wireless network environment |
US9007918B2 (en) | 2011-05-20 | 2015-04-14 | Brocade Communications Systems, Inc. | Techniques for efficiently updating routing information |
US20120294166A1 (en) * | 2011-05-20 | 2012-11-22 | Brocade Communications Systems, Inc. | Techniques for efficiently updating routing information |
US8503464B2 (en) * | 2011-05-20 | 2013-08-06 | Brocade Communications Systems, Inc. | Techniques for efficiently updating routing information |
US9722933B2 (en) | 2011-06-14 | 2017-08-01 | Cisco Technology, Inc. | Selective packet sequence acceleration in a network environment |
US9928107B1 (en) | 2012-03-30 | 2018-03-27 | Amazon Technologies, Inc. | Fast IP migration in a hybrid network environment |
US9197489B1 (en) | 2012-03-30 | 2015-11-24 | Amazon Technologies, Inc. | Live migration of virtual machines in a hybrid network environment |
US20140056300A1 (en) * | 2012-08-21 | 2014-02-27 | Futurewei Technologies, Inc. | Method of Multiprotocol Label Switching Encapsulation for United Router Farm Forwarding |
US8948179B2 (en) * | 2012-08-21 | 2015-02-03 | Futurewei Technologies, Inc. | Method of multiprotocol label switching encapsulation for united router farm forwarding |
US20140075243A1 (en) * | 2012-09-12 | 2014-03-13 | International Business Machines Corporation | Tunnel health check mechanism in overlay network |
US9253061B2 (en) * | 2012-09-12 | 2016-02-02 | International Business Machines Corporation | Tunnel health check mechanism in overlay network |
CN103873491A (en) * | 2012-12-07 | 2014-06-18 | 华耀(中国)科技有限公司 | VPN safe browser system and setting method |
US10411997B1 (en) * | 2012-12-27 | 2019-09-10 | Sitting Man, Llc | Routing methods, systems, and computer program products for using a region scoped node identifier |
US10574562B1 (en) | 2012-12-27 | 2020-02-25 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US11784914B1 (en) | 2012-12-27 | 2023-10-10 | Morris Routing Technologies, Llc | Routing methods, systems, and computer program products |
US11196660B1 (en) | 2012-12-27 | 2021-12-07 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10212076B1 (en) * | 2012-12-27 | 2019-02-19 | Sitting Man, Llc | Routing methods, systems, and computer program products for mapping a node-scope specific identifier |
US11012344B1 (en) | 2012-12-27 | 2021-05-18 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10367737B1 (en) | 2012-12-27 | 2019-07-30 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10382327B1 (en) | 2012-12-27 | 2019-08-13 | Sitting Man, Llc | Methods, systems, and computer program products for routing using headers including a sequence of node scope-specific identifiers |
US10389624B1 (en) | 2012-12-27 | 2019-08-20 | Sitting Man, Llc | Scoped identifier space routing methods, systems, and computer program products |
US10389625B1 (en) | 2012-12-27 | 2019-08-20 | Sitting Man, Llc | Routing methods, systems, and computer program products for using specific identifiers to transmit data |
US10397100B1 (en) * | 2012-12-27 | 2019-08-27 | Sitting Man, Llc | Routing methods, systems, and computer program products using a region scoped outside-scope identifier |
US10397101B1 (en) * | 2012-12-27 | 2019-08-27 | Sitting Man, Llc | Routing methods, systems, and computer program products for mapping identifiers |
US10404583B1 (en) * | 2012-12-27 | 2019-09-03 | Sitting Man, Llc | Routing methods, systems, and computer program products using multiple outside-scope identifiers |
US10404582B1 (en) | 2012-12-27 | 2019-09-03 | Sitting Man, Llc | Routing methods, systems, and computer program products using an outside-scope indentifier |
US10411998B1 (en) * | 2012-12-27 | 2019-09-10 | Sitting Man, Llc | Node scope-specific outside-scope identifier-equipped routing methods, systems, and computer program products |
US10862791B1 (en) | 2012-12-27 | 2020-12-08 | Sitting Man, Llc | DNS methods, systems, and computer program products |
US10419335B1 (en) * | 2012-12-27 | 2019-09-17 | Sitting Man, Llc | Region scope-specific outside-scope indentifier-equipped routing methods, systems, and computer program products |
US10419334B1 (en) * | 2012-12-27 | 2019-09-17 | Sitting Man, Llc | Internet protocol routing methods, systems, and computer program products |
US10447575B1 (en) | 2012-12-27 | 2019-10-15 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10476788B1 (en) * | 2012-12-27 | 2019-11-12 | Sitting Man, Llc | Outside-scope identifier-equipped routing methods, systems, and computer program products |
US10498642B1 (en) * | 2012-12-27 | 2019-12-03 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10841198B1 (en) | 2012-12-27 | 2020-11-17 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10587505B1 (en) | 2012-12-27 | 2020-03-10 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10594594B1 (en) | 2012-12-27 | 2020-03-17 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10652134B1 (en) | 2012-12-27 | 2020-05-12 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10652133B1 (en) | 2012-12-27 | 2020-05-12 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10652150B1 (en) | 2012-12-27 | 2020-05-12 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10708168B1 (en) | 2012-12-27 | 2020-07-07 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10721164B1 (en) | 2012-12-27 | 2020-07-21 | Sitting Man, Llc | Routing methods, systems, and computer program products with multiple sequences of identifiers |
US10735306B1 (en) | 2012-12-27 | 2020-08-04 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10757020B2 (en) | 2012-12-27 | 2020-08-25 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10757010B1 (en) | 2012-12-27 | 2020-08-25 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10764171B1 (en) | 2012-12-27 | 2020-09-01 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10785143B1 (en) | 2012-12-27 | 2020-09-22 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US10805204B1 (en) | 2012-12-27 | 2020-10-13 | Sitting Man, Llc | Routing methods, systems, and computer program products |
US9871675B2 (en) * | 2013-04-30 | 2018-01-16 | Cisco Technology, Inc. | Interconnecting virtual private networks |
US9479433B1 (en) * | 2013-04-30 | 2016-10-25 | Cisco Technology, Inc. | Interconnecting virtual private networks |
US20170005831A1 (en) * | 2013-04-30 | 2017-01-05 | Cisco Technology, Inc. | Interconnecting virtual private networks |
US10313235B2 (en) * | 2015-07-13 | 2019-06-04 | Futurewei Technologies, Inc. | Internet control message protocol enhancement for traffic carried by a tunnel over internet protocol networks |
US10027589B1 (en) * | 2016-06-30 | 2018-07-17 | Juniper Network, Inc. | Apparatus, system, and method for achieving redundancy and load-balancing across communication layers within networks |
US20210336866A1 (en) * | 2019-01-07 | 2021-10-28 | Huawei Technologies Co., Ltd. | Route Advertisement Method, Device, and System |
US20210336870A1 (en) * | 2019-01-07 | 2021-10-28 | Huawei Technologies Co., Ltd. | Route Recursion Control Method, Device, and System |
US11652737B2 (en) * | 2019-01-07 | 2023-05-16 | Huawei Technologies Co., Ltd. | Route recursion control method, device, and system |
US11888722B2 (en) * | 2019-01-07 | 2024-01-30 | Huawei Technologies Co., Ltd. | Route advertisement method, device, and system |
Also Published As
Publication number | Publication date |
---|---|
US7185107B1 (en) | 2007-02-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7185107B1 (en) | Redirecting network traffic through a multipoint tunnel overlay network using distinct network address spaces for the overlay and transport networks | |
US10764146B2 (en) | Segment routing over label distribution protocol | |
CN111740913B (en) | Method, router and readable medium for forwarding network traffic in computer network | |
EP3211839B1 (en) | Split-horizon packet forwarding in a mh-pbb-evpn network | |
JP5600189B2 (en) | VPN implementation over a link state protocol controlled Ethernet network | |
JP5550757B2 (en) | Ethernet network controlled by IP forwarding with link state protocol | |
US8665887B2 (en) | Number automatic routing method, updating method, withdrawing method, router and device | |
US7590119B2 (en) | Method and apparatus for context-based prefix updates in border gateway protocol | |
US8812726B2 (en) | Service insertion in a computer network using internet protocol version 6 techniques | |
US6631137B1 (en) | Method and system for improving high speed internetwork data transfers | |
CN110832813A (en) | Ethernet virtual private network using segmented routing | |
CN113645136B (en) | Method, network node and network system for forwarding message in network | |
US8937961B1 (en) | Modular software architecture for a route server within an internet exchange | |
US20070258447A1 (en) | Inter-area summarization of edge-device addresses using RFC3107 | |
US7969995B2 (en) | Method and apparatus for constructing a forwarding database for a data communications network | |
CA2436860A1 (en) | Auto-tunnelling in a heterogenous network | |
JP2006514496A (en) | Virtual private network interconnection method in disconnected mode | |
WO2023284675A1 (en) | Forwarding table lookup method and apparatus, and storage medium and electronic apparatus | |
WO2024007762A1 (en) | Route publishing method, and communication method and apparatus | |
Nakamura et al. | ovstack: A protocol stack of common data plane for overlay networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |