A service provider's routers (PE1, P1, P2, PE2) provide connections between and share routing information with routers (CE1, CE2) of a customer virtual private network (VPN) as well as routers of other customers' VPNs, which may have overlapping address spaces. A service provider's edge router (PE1) informed by the customer's router (CE1) that it will forward packets to a given prefix notifies the other edge router (PE2) that PE1 can forward packets to that address prefix if the destination is in the VPN to which CE1 belongs. PE1 also tells PE2 to tag any thus-destined packets with a particular tag T3. PE2 stores this information in a forwarding information base that it separately keeps for that VPN so that when PE2 receives from a router CE2 in the same VPN a packet whose destination address has that prefix, it tags the packet as requested. But PE2 also tags it with a tag T2 that the router P2 to which PE2 first sends it has asked PE2 to apply to packets to be sent to PE1. P2 routes the packet in accordance with T2, sending it to P1 after replacing T2 with a tag T1 that P1 has similarly asked P2 to use. P1 removes T1 from the packet and forwards it in accordance with T1 to PE1, which in turn removes T3 from the packet and forwards it in accordance with T3 to CE1. In this manner, only the edge routers need to maintain separate routing information for separate VPNs.
展开▼
机译:服务提供商的路由器(PE 1, P 1, P 2, PE 2 )提供连接并共享客户虚拟专用网(VPN)的路由器(CE 1, CE 2 )以及其他客户VPN的路由器(可能具有重叠的地址空间)的路由信息。客户路由器(CE 1 )通知服务提供商的边缘路由器(PE 1 )将把数据包转发到给定前缀,然后通知另一边缘路由器(PE 2 ),如果目的地在CE 1 所属的VPN中,则PE 1 可以将数据包转发到该地址前缀。 PE 1 还告诉PE 2 用特定的标记T 3标记任何这样指定的数据包。 PE 2 将此信息存储在转发信息库中,该信息将单独保存在该VPN中,以便当PE 2 从路由器CE 2接收到< / B>在同一VPN中,目标地址带有该前缀的数据包将按请求标记该数据包。但是PE 2 还会用PE 2 首先发送到的路由器P 2 的标签T 2 对其进行标记。它已要求PE 2 应用于要发送到PE 1的数据包。 P 2 根据T 2路由数据包,在替换T 2 后将其发送到P 1 B>带有标签T 1 的标签,P 1 相似地要求P 2 使用。 P 1 从数据包中删除T 1 ,然后根据T 1 将其转发到PE 1 依次从数据包中删除T 3 并根据T 3 将其转发到CE 1。 以这种方式,只有边缘路由器需要为单独的VPN维护单独的路由信息。
展开▼
