A service provider's routers (PE1, P1, P2, PE2) provide connections
between and share routing information with routers (CE1, CE2) of a
customer virtual private network (VPN) as well as routers of other
customers' VPNs, which may have overlapping address spaces. A service
provider's edge router (PE1) informed by the customer's router (CE1) that
it will forward packets to a given prefix notifies the other edge router
(PE2) that PE1 can forward packets to that address prefix if the
destination is in the VPN to which CE1 belongs. PE1 also tells PE2 to tag
any thus-destined packets with a particular tag T3. PE2 stores this
information in a forwarding information base that it separately keeps for
that VPN so that when PE2 receives from a router CE2 in the same VPN a
packet whose destination address has that prefix, it tags the packet as
requested. But PE2 also tags it with a tag T2 that the router P2 to which
PE2 first sends it has asked PE2 to apply to packets to be sent to PE1.
P2 routes the packet in accordance with T2, sending it to P1 after
replacing T2 with a tag T1 that P1 has similarly asked P2 to use. P1
removes T1 from the packet and forwards it in accordance with T1 to PE1,
which in turn removes T3 from the packet and forwards it in accordance
with T3 to CE1. In this manner, only the edge routers need to maintain
separate routing information for separate VPNs.