US Patent 10244076 Secure cloud interconnect private routing

A network device is located in a cloud routing services center that is separate from a customer network. The network device provides a user interface to solicit, from a customer device outside the cloud routing services center, structured routing criteria for virtual private network (VPN) routes over a Multiprotocol Label Switching (MPLS) network and receives, from the customer device, customer routing criteria selected from the structured routing criteria. The network device retrieves network configuration data for the MPLS network and applies the customer routing criteria to the network configuration data to generate a customer VPN routing plan for the MPLS network. The network device analyzes the customer VPN routing plan to determine if the routing plan is viable and, if the routing plan is viable, configures devices in the MPLS network to implement a customer VPN based on the customer VPN routing plan.