RFC 2685 (rfc2685) - Page 2 of 6
Virtual Private Networks Identifier
Alternative Format: Original Text Document
RFC 2685 Virtual Private Networks Identifier September 1999
Virtual Private Dial Networks, and Virtual Private LAN Segments. In
addition, numerous drafts and white papers outline methods to be used
by Service Providers and/or Service Provider customers to enable this
service. Solutions may be customer based or network based. Network
based solutions may provide connectivity and services at layer 2
and/or layer 3. The devices involved in enabling the solution may be
Customer Premises Equipment (CPE), Service Provider Edge equipment,
Service Provider Core equipment, or some combination of these.
While the various methods of VPN service implementation are being
discussed and debated, there are two points on which there is
agreement:
Because a VPN is private, it may use a private address space which
may overlap with the address space of another VPN or the Public
Internet.
A VPN may span multiple IP Autonomous Systems (AS) or Service
Providers.
The first point indicates that an IP address only has meaning within
the VPN in which it exists. For this reason, it is necessary to
identify the VPN in which a particular IP address has meaning, the
"scope" of the IP address.
The second point indicates that several methods of VPN service
implementation may be used to provide connectivity and services to a
single VPN. Different service providers may employ different
strategies based on their infrastructure and expertise. It is
desirable to be able to identify any particular VPN at any layer and
at any location in which it exists using the same VPN identifier.
2. Global VPN Identifier
The purpose of a VPN-ID is to identify a VPN. This identifier may be
used in various ways depending on the method of VPN service
implementation. For example, the VPN-ID may be included:
- In a MIB to configure attributes to a VPN, or to assign a physical
or logical access interface to a particular VPN.
- In a control or data packet, to identify the "scope" of a private
IP address and the VPN to which the data belongs.
It is necessary to be able to identify the VPN with which a data
packet is associated. The VPN-ID may be used to make this
association, either explicitly (e.g. through inclusion of the VPN-ID
in an encapsulation header [2]) or implicitly (e.g. through inclusion
Fox & Gleeson Standards Track