A new VPN routing approach for large scale networks

One of the most common provider provisioned VPN technologies uses MPLS as a data plane for customer flow isolation and BGP as a control plane for routing between VPN sites. From a data plane perspective, such networks can provision hundreds of thousands of VPN sites. However, the BGP control plane is prone to scalability concerns. Some BGP routers in VPN backbones must handle routes for all the VPN sites that the provider connects. The number of sites can generate two million BGP routes in large VPN backbones, almost ten times the number of routes in a core Internet router. Prior work proposed solutions to evolve such networks. Yet, we argue that they fail to address the root cause of VPN routing performance issues. In this paper, we show that VPN routing scheme´s poor scalability stems from the application to VPNs of a protocol originally designed for full routing, specifically the Internet. Rather than evolving the current standard based on BGP, we take a principled approach to rethink routing in large VPNs. We propose Two-Step VPN Routing, a new approach for scalable VPN routing. We validate our design choices and compare our approach to existing ones, using both BGP updates and router configurations collected from a large VPN provider.