Scaling Virtual Private Networks
Many organizations purchase connectionless Virtual Private Network (VPN) services from a telecommunications service provider, which deploys a network of routers, interconnected by high-bandwidth trunks, that serve thousands of customers. The nodes in a service provider network are Provider Edge routers (PEs), which store forwarding tables that dictate on which outgoing link to send an incoming packet addressed to a particular destination. In practice, router capacity may be limited by memory, bandwidth, or processing capacity for the BGP (Border Gateway Protocol) sessions used to advertise addresses. We describe three techniques that help a service provider deploy a large-scale VPN service. The first technique shows how a service provider can deploy sets of routers, called “route reflector planes,” to advertise addresses when the number of addresses in the service provider network grows. The second technique, applicable when the number of BGP sessions is the limiting resource, is a method to enhance network reliability at no additional cost by having each customer's forwarding table stored on only a small number of PEs. The third technique is a way to estimate the number of VPNs that can be handled by a PE when memory is the limiting resource.
Keywords: Telecommunications, network, virtual private network, packet network, routing, router, routing table, forwarding, addressing, Internet protocol