Externally controlled reachability in virtual private networks

摘要

A network that supports VPNs is enhanced to allow users in one VPN to communicate with users in another VPN in the course of executing a predefined application, such as VoIP. This capability is achieved dynamically by enabling a device that can communicate with the network elements that operate to normally prohibit inter-VPN communication to direct those network elements to enable such communication, at least for the purposes of specific applications.

主权项

1. A method comprising:
receiving, at a call controller, a request for a first device in a first virtual private network to communicate with a second device in a second virtual private network using a connection that is prohibited between the first and second virtual private networks; in response to the request: causing a first provider edge router associated with the first device to store in a first virtual routing forwarding table a first entry defining a route between the first device and the second device, the first entry to indicate that the second device belongs to the first virtual private network; causing a second provider edge router associated with the second device to store in a second virtual routing forwarding table a second entry defining the route between the first device and the second device, the second entry to indicate that the first device belongs to the second virtual private network; and permitting the connection to allow the first device to communicate with the second device across the first and second virtual private networks based on the first entry in the first virtual routing forwarding table and the second entry in the second virtual routing forwarding table; and causing removal of the first entry from the first virtual routing forwarding table and the second entry from the second virtual routing forwarding table when use of the connection is terminated to prevent subsequent communication between the first and second devices via the connection.