Web-Based Customer Management of VPNs

The use of Virtual Private Networks (VPNs) is one of the major trends in the integrated broadband communications environment. Currently, the control and management of VPN resources is mainly supported by the provider of the bearer telecommunication services, and VPN customers have no control over these resources. The increasing importance of the broadband communication infrastructure in corporate operations and transactions is stressing the requirement for a customizable configuration, operation and management of VPN services. First, this paper discusses the evolution of VPN environments towards customized VPN configurations and goal-driven management of these VPNs. VPN service characteristics and management requirements are analyzed. Then, the paper introduces the proposed customer management architecture satisfying these requirements. The architecture is based on the multi-level virtualization of network resources through the partitioning of resources in the provider's shared communication infrastructure and the dynamic allocation of these resources to customers. A Web-based distributed approach is used for implementing the proposed customer management of VPNs.     

Hose workload based exact algorithm for the optimal design of virtual private networks

The Virtual Private Networks (VPN) optimal bandwidth allocation problem with tree topology has been widely discussed in the literature. Most of the algorithms proposed by researchers to solve this problem use approximation schemes. In this paper, we propose an exact and efficient Branch-and-Cut algorithm for the problem in the context of a hose workload model. In particular, we consider the case when the ingress and egress traffic at VPN endpoints are asymmetric and the links of the network have unbounded capacities. The algorithm proposed here is based on a linear integer programming formulation for the problem introduced by Kumar et al. (2002) [2]. Using this and a deep investigation of the polyhedral structure of that formulation, our algorithm permits to solve large instances of the problem having up to 120 nodes and 10 terminals.     

High-performance routing for hose-based VPNs in multi-domain backbone networks

By utilizing Layer-1 Virtual Private Networks (L1VPN), a single physical network, e.g., an optical backbone network, can support multiple virtual networks, which form the basic infrastructure for cloud computing and other enterprise networks. The L1VPN hose model is an elegant and flexible way to specify the customers’ bandwidth requirements, by defining the total incoming and outgoing demand for each endpoint. Furthermore, multi-domain physical infrastructures are common in L1VPNs, since these are usually deployed on a global scale. Thus, high-performance Routing for Multi-domain VPN Provisioning (RMVP) for the hose model is an important problem to efficiently support a global virtual infrastructure. In this paper, we formulate the RMVP problem as a Mixed Integer Linear Program (MILP). Also, we propose a Top-Down Routing (TDR) strategy to compute the optimal routing for the hose model L1VPN in a multi-domain backbone network. Results indicate that TDR approaches the minimum routing cost when compared to the ideal case of single-domain routing.     

Multi-path routing versus tree routing for VPN bandwidth provisioning in the hose model

In this paper we study the bandwidth provisioning of VPN service in the hose model with multi-path routing and tree routing. We have investigated the bandwidth efficiency and blocking performance of these two routing schemes. Our study shows that without any restriction on the maximum fraction of traffic on a path (MFTP), multi-path routing often turns out to be single path routing, and only reduces the total bandwidth requirement slightly at rare combination of network topologies and hose parameters. In order to alleviate the overprovisioning problem of the hose model, we propose the concept of sub-provisioning and study the blocking performance using static reduced provisioning. The results show that with full provisioning, the two routing schemes have almost the same blocking performance. However, with sub-provisioning and the variation of the MFTP constraint, multi-path routing is capable of delivering a significant improvement in blocking performance, often better than tree routing by a few orders of magnitude. The improvement is attributed to the multiple alternative paths brought in by the MFTP constraint. With sub-provisioning, the link bandwidth availability becomes the restricting factor in admitting a connection. Having multiple paths, a connection request is able to explore available bandwidth more thoroughly in the network, thus increasing its chances of being admitted. We employ both analytical model and discrete event simulation for the blocking performance study. The analytical model is developed based on the multi-rate reduced load approximation technique and the simulation is carried out using the OPNET simulator. The close agreement between analytical and simulation results indicate the validity of the approach.     

基于局部信息的时延和时延差约束的组播路由

组播通信是从一个源节点同时向网络中的多个目的节点发送分组的通信服务,它一般提供一个以上的端到端的服务约束,实际的路由算法在应用时可以受到多重约束,解决这类问题的组播路由算法是NP完全的。在研究了构建组播树的相关算法后,提出了一种新的时延和时延差约束的低代价组播路由算法-DDVMC。该算法采用基于贪婪策略的Dijkstra最小生成树算法,利用局部信息来构建低代价组播树,很好地平衡了树的代价、时延和时延差。仿真表明,该算法能正确地构造出满足约束的组播树,同时还具有较低的代价和计算复杂度。     

Edge Provisioning and Fairness in VPN-DiffServ Networks

Customers of Virtual Private Networks (VPNs) over Differentiated Services (DiffServ) infrastructure are most likely to demand not only security but also guaranteed Quality-of-Service (QoS) in pursuance of their desire to have leased-line-like services. However, expectedly they will be unable or unwilling to predict the load between VPN endpoints. This paper proposes that customers specify their requirements as a range of quantitative services in the Service Level Agreements (SLAs). To support such services Internet Service Providers (ISPs) would need an automated provisioning system that can logically partition the capacity at the edges to various classes (or groups) of VPN connections and manage them efficiently to allow resource sharing among the groups in a dynamic and fair manner. While with edge provisioning a certain amount of resources based on SLAs (traffic contract at edge) are allocated to VPN connections, we also need to provision the interior nodes of a transit network to meet the assurances offered at the boundaries of the network. We, therefore, propose a two-layered model to provision such VPN-DiffServ networks where the top layer is responsible for edge provisioning, and drives the lower layer in charge of interior resource provisioning with the help of a Bandwidth Broker (BB). Various algorithms with examples and analyses are presented to provision and allocate resources dynamically at the edges for VPN connections. We have developed a prototype BB performing the required provisioning and connection admission.     

A new scalable multicast routing algorithm for interactive real-time applications

Quality of service (QoS) provisioning generally assumes more than one QoS measure that implies that QoS routing can be categorized as an instance of routing subject to multiple constraints: delay jitter, bandwidth, cost, etc. We study the problem of constructing multicast trees to meet the QoS requirements of real-time interactive applications where it is necessary to provide bounded delays and bounded delay variation among the source and all destinations while keeping overall cost of the multicast tree low. The main contribution of our work is a new strategy for constructing multiconstrained multicast trees. We first derive mathematically a new delay-variation estimation scheme and prove its efficiency. Thereafter, we propose a simple and competitive (in terms of running time) heuristic algorithm, for delay and delay variation constrained routing problem based on the proposed delay-variation estimation scheme and using the Extended Prim-Dijkstra tradeoffs’ algorithm. Our contribution also extends previous works in providing some properties and analyses of delay bounded paths satisfying delay variation constraints. Extensive simulation results show that our algorithm outperforms DVDMR in terms of multicast delay variation with the same time complexity as DVDMR.     

The latest in virtual private networks: part I

Virtual private networks (VPNs) are discrete network entities configured and operated over a shared network infrastructure. An intranet is a VPN in which all the sites (the customer locations that are part of a VPN) belong to a single organization. An extranet is a VPN with two or more organizations wishing to share (some) information. In the business world, VPNs let corporate locations share information over the Internet. VPN technology is being extended to the home office, providing telecommuters with the networking security and performance commensurate with that available at the office. Service providers are looking at their geographic footprints and their network routing expertise to create and deliver new revenue-generating VPN services. Looking ahead, these provider-provisioned and managed VPNs are intended to emulate whatever local- or wide-area network connectivity customers desire.     

Bandwidth-delay-constrained least-cost multicast routing based on heuristic genetic algorithm

We present an heuristic genetic algorithm for the quality of service (QoS) multicast routing that depends on: (1) bounded end-to-end delay and link bandwidth along the paths from the source to each destination, and (2) minimum cost of the multicast tree, where the link delay and the link cost are independent metrics. The problem of computing such a constrained multicast tree is NP-complete. We show by experiments that our proposed genetic algorithm is efficient and effective.     

Exploring Traffic Pricing for the Virtual Private Network

This paper explores the implementation issues of network traffic pricing in Internet-based virtual Private Networks (VPNs). A simplified VPN traffic-pricing formula is derived for optimizing VPN bandwidth service welfare. We provide price formulae for both prioritized first-in-first-out bandwidth scheduling and non-prioritized round-robin bandwidth scheduling. A transaction-level pricing architecture based on proxy server technology is proposed, and a prototype traffic-pricing system, VPN Traffic-Pricing Experiment System (VTPES), has been developed to test the transaction-level pricing architecture and examine the pricing formula. Experiments conducted with VTPES show that the pricing mechanism can effectively improve a VPN's transmission efficiency.     

Matrix based proactive resource provisioning in mobile cloud environment

Mobile cloud computing is a dynamic, virtually scalable and network based computing environment where mobile device acts as a thin client and applications run on remote cloud servers. Mobile cloud computing resources required by different users depend on their respective personalized applications. Therefore, efficient resource provisioning in mobile clouds is an important aspect that needs special attention in order to make the mobile cloud computing a highly optimized entity. This paper proposes an adaptive model for efficient resource provisioning in mobile clouds by predicting and storing resource usages in a two dimensional matrix termed as resource provisioning matrix. These resource provisioning matrices are further used by an independent authority to predict future required resources using artificial neural network. Independent authority also checks and verifies resource usage bill computed by cloud service provider using resource provisioning matrices. It provides cost computation reliability for mobile customers in mobile cloud environment. Proposed model is implemented on Hadoop using three different applications. Results indicate that proposed model provides better mobile cloud resources utilization as well as maintains quality of service for mobile customer. Proposed model increases battery life of mobile device and decreases data usage cost for mobile customer.     

基于免疫遗传算法的多约束QoS组播路由选择方法

以具有精英保留的免疫遗传算法（IGAE）为基础,提出了一种新的用来求解带宽、时延、时延抖动受限,费用最小的QoS组播路由选择问题的方法。首先采用预处理机制,将网络结构中不满足带宽约束的链路去掉,利用Dijkstra第k最短路径算法建立编码空间的备选路径集;然后采用基于路径的树结构编码来随机产生初始群体,使种群中的每个个体都代表组播路由问题的一个候选解;最后利用IGAE算法对种群进行优化,最终求得满足QoS要求的组播路由。仿真实验结果表明,该算法具有较好的性能,能以较快的速度搜索到满足QoS要求的费用最小的组播树。     

基于VRF和RT实现BGP／MPLS VPNs中的VPN拓扑发现

在RFC 2547中定义的BGP／MPLS VPNs允许服务提供者使用他们的IP骨干提供VPN服务，使用BGP对骨干网络的路由器分发VPN路由信息，使用MPLS转发VPN流量。BGP／MPLS VPNs允许服务提供者在VPN内定义拥有任意数量结点的任意拓扑。服务提供者能建立使用相同核心网络的多个VPN。目前大多数服务提供者手工地或通过使用配置的数据库实现BGP／MPLS VPNs。本文描述的算法使VPN拓扑发现过程自动化。使用该算法，服务提供者能使用当前网络配置信息自动地发现VPN拓扑。     

Extensions to P2MP RSVP-TE for VPN-specific state provisioning with fair resource sharing

Among the resource provisioning algorithms for the hose-based Virtual Private Network (VPN) Quality of Service (QoS), VPN-specific state provisioning allows the service provider to obtain highest resource multiplexing gains. In this paper, we show that the existing resource reservation protocols proposed for the Internet are not appropriate for the VPN-specific state provisioning. Furthermore, since the VPN-specific state provisioning makes the reserved resources to be randomly shared by the sites belonging to the same VPN, a site generating heavy traffic may unfairly dominate the resources reserved for the VPN. We propose extensions to an existing resource reservation protocol proposed for the Internet, i.e., P2MP RSVP-TE (Point-to-Multipoint Resource Reservation Protocol-Traffic Engineering), for the resource reservation of VPN-specific state provisioning. The proposed extensions also enable the fair usage of reserved resources among the users of a VPN that is provisioned by the VPN-specific state. Through simulation experiments, the effects of deploying a fair usage mechanism into the resource reservation of VPN-specific state provisioning is presented.     

低轨卫星网络中高效资源利用的组播算法

为了解决低轨卫星网络中现有典型源组播算法的信道资源浪费问题,提出了一套单核共享树组播算法,即核心群合并共享树(CCST)和加权CCST(w-CCST)算法.CCST算法包括动态近似中心(DAC)选核方法和核心群合并组播路径构建方法.DAC方法根据组成员在网络中的分布情况自适应选择最优核;在核心群合并方法中,以核节点作为初始核心群,通过核心群和剩余组成员的最短路径方法逐步扩展直至整棵组播树构建完成,从而使得组播树的树代价最小,大大提高了网络的传输带宽利用率和传输效率.在w-CCST算法中,可以通过调整加权因子来适度增大树代价、降低端到端传播时延以满足某些端到端时延要求苛刻的实时组播业务.最后,通过仿真与其它算法进行了性能对比,仿真结果说明CCST组播树的平均树代价比其它组播树显著降低,平均端到端传播时延比其它组播树稍高;w-CCST算法的平均端到端传播时延性能好于CCST算法,树代价性能稍差,说明使用加权因子可以在组播树的树代价和端到端传播时延性能之间作折中.     

多源多播服务功能链优化部署算法

在软件定义网络和网络功能虚拟化环境下,针对多播中的服务功能链（SFC）部署,探究了多源多播中的联合虚拟网络功能（VNF）部署和流量路由问题,目的是最小化节点资源消耗和链路资源消耗总成本。同时考虑到节点、链路及带宽延迟限制,建立了整数线性规划模型,并提出一种名为多源多播树优化的启发式算法。该算法旨在为所有用户找到最近的源节点,获得多个源、目节点组,为每个组构造一棵多播服务功能树,然后优化多播服务功能树。实验仿真结果表明,与其他启发式算法相比,该算法有效地降低了总成本、链路利用率及时延。     

The latest in VPNs: part II

We describe the lastest in VPN. Virtual private networks (VPNs) can be configured and operated across a network provider's shared network infrastructure. The layer-2 VPN (L2VPN) is generating much interest and activity in the industry; it's defined as a VPN that transports native L2 frames across a shared IP network. Network providers will be able to reduce infrastructure and operation costs by taking traffic from L2-specific networks and running it over L2VPNs. An L2VPN transports native L2 frames across a shared IP or multiprotocol label-switching (MPLS) packet-switch network (PSN). The L2 frames can be frame-relay (FR) protocol data units, ATM cells, or even Ethernet frames; they're carried across the PSN using one of several different tunnel-encapsulation schemes. An L2VPN essentially provides the same set of services that native L2 LAN and WAN infrastructures support. We also discuss L2VPNs architecture and components.     

A new approach to dynamic bandwidth allocation in Quality of Service networks: Performance and bounds

Efficient dynamic resource provisioning algorithms are necessary to the development and automation of Quality of Service (QoS) networks. The main goal of these algorithms is to offer services that satisfy the QoS requirements of individual users while guaranteeing at the same time an efficient utilization of network resources.In this paper we introduce a new service model that provides per-flow bandwidth guarantees, where users subscribe for a guaranteed rate; moreover, the network periodically individuates unused bandwidth and proposes short-term contracts where extra-bandwidth is allocated and guaranteed exclusively to users who can exploit it to transmit at a rate higher than their subscribed rate.To implement this service model we propose a dynamic provisioning architecture for intra-domain Quality of Service networks. We develop a set of dynamic on-line bandwidth allocation algorithms that take explicitly into account traffic statistics and users’ utility functions to increase users’ benefit and network revenue.Further, we propose a mathematical formulation of the extra-bandwidth allocation problem that maximizes network revenue. The solution of this model allows to obtain an upper bound on the performance achievable by any on-line bandwidth allocation algorithm.We demonstrate through simulation in realistic network scenarios that the proposed dynamic allocation algorithms are superior to static provisioning in providing resource allocation both in terms of total accepted load and network revenue, and they approach, in several network scenarios, the ideal performance provided by the mathematical model.     

Low-cost,delay-bounded point-to-multipoint communication to support multicasting over WDM networks

The confluence of technical advances and multimedia service needs is intensifying the need for high throughput and low latency. Future communication networks will face an increase in traffic driven by multimedia requirements with stringent delay and jitter requirements. Wavelength division multiplexing (WDM) optical networks have the potential for meeting these goals by offering unprecedented high bandwidth and low latency. One very important aspect of the emerging Internet services is the need to support multicasting. This is crucial if WDM networks were to play an efficient role in the next generation Internet.Multicasting in WDM networks supporting multimedia applications can be viewed as the process of taking a group communication request and selecting a multicast tree that satisfies the quality of service requirements, in terms of bandwidth and end-to-end delay, of the underlying application. In this paper, we present a new class of low-cost, bounded-delay multicast heuristics for WDM networks. The heuristics use various techniques to establish a tree of semi-lightpaths between a source and a group of destination nodes. The unique feature of these heuristics is that they decouple the cost of establishing the multicast tree from the delay incurred by data transmission due to light-wave conversion and processing at intermediate nodes along the transmission path. A simulation study shows the performance of the proposed heuristics.     

Easy VPN技术及其应用

Easy VPN是Cisco为远程用户和分支办公室提供的一种远程访问VPN解决方案,提供了集中的VPN管理和动态的策略分发,降低了远程访问VPN部署的复杂程度,增加了可扩展性及灵活性。论述了Easy VPN的组件和原理,并在此基础上分析了Easy VPN的特性,针对企业分支机构及移动办公人员访问内部资源所面临的问题,分析了Easy VPN的部署方案。通过部署Easy VPN,企业的分支机构通过Internet可以同总部建立点到点的VPN,移动或在家办公用户可以在接入Internet的任何地方方便、安全地访问内部资源,这有助于提高企业生产力,降低企业的管理和维护成本。