US Patent:
20080092229, Apr 17, 2008
Inventors:
Bakul Khanna - Lexington MA, US
Ramasamy Jesuraj - Westford MA, US
Assignee:
Nortel Networks Limited - St. Laurent
International Classification:
G06F 15/16
Abstract:
Customer Traffic may be segregated using customer provisioned IPSec VPNs implemented using group security association for IPSec tunnels, by causing the CE network element to implement multiple VRFs for the several VPNs, each of which may be used for a different segment of the customer's traffic. The CE network element may implement a single MPBGP peering session with the GCKS/RR for all VPNs, and may establish secure data channels for each of the VPNs based on the group security associations for each of the VPNs. Although a common MPBGP peering session may be used, routing information for the several VRFs may be separated by applying per-VRF import policies at the CE, so that each VPN only has access to routes intended to be advertised to that VPN