Layer 1 virtual private networks: service concepts, architecture requirements, and related advances in standardization

This article describes service concepts, service requirements, and high-level network architecture requirements for layer 1 virtual private network service. It takes in consideration progress achieved in standardization, mainly inside ITU-T SG 13, which has been very active in this area.     

Layer 1 virtual private networks: driving forces and realization by GMPLS

This article describes an emerging service for next-generation networks, layer 1 virtual private networks. L1VPNs allow customers desiring to connect multiple sites to be supported over a single shared layer 1 network. In the article we first describe the transport network's evolution and the shift in expectations of both service providers and customers. We provide an overview of the motivation for L1VPNs and examples of network usage. We follow by reviewing existing GMPLS mechanisms (addressing, discovery, and signaling) for realizing L1VPN functionality and identifying other work areas.     

International virtual private networks: Background and tariff survey

Carriers have positioned their networks and dedicated databases to help deliver a service which looks and feels like leased lines but is, in reality, delivered over the public switched telephone network (PSTN).     

Scalability implications of virtual private networks

This article gives an overview of the most promising technologies for service providers to offer virtual private network services. The focus is on the analysis of the scalability implications of these virtual private network mechanisms on existing service provider backbone networks. Very often, when deploying VPN services, service providers will be confronted with a trade-off between scalability and security. VPNs that require site-to-site interconnectivity without strong (cryptographic) security can be deployed in a scalable way based on the network-based VPN model, as long as the interaction between the customer and provider routing dynamics are controlled. VPNs that require strong (end-to-end) cryptographic security should be deployed according to the CPE-based VPN model, using the available IPsec protocol suite     

Support for resource-assured and dynamic virtual private networks

This paper describes VServ, a prototype architecture for a virtual private network (VPN) service, which builds and manages VPNs on demand. It allows each VPN to have guaranteed resources and customized control, and supports a highly dynamic VPN service where creation and modification operations can take place on fast timescales. These features are contingent on the automated establishment and maintenance of VPNs. A design process is described that attempts to satisfy the goals of both customer and VPN service provider (VSP). A pruned topology graph and tailored search algorithm are derived from the characteristics of the desired VPN. Although the searching procedure is theoretically intractable, it is shown that the complexity can be mitigated by a multitude of factors, VServ is built over the Tempest, a network control framework that partitions network resources into VPNs. An IP implementation of the Tempest is presented. Resource revocation is a mechanism that the VSP can use to react to violations of service level agreements-a protocol is described to enable graceful adaptation in the control plane to resource revocation events     

Layer 1 virtual private network management by users

The layer 1 virtual private network (LlVPN) technology supports multiple user networks over a common carrier transport network. Emerging L1VPN services allow: L1VPNs to be built over multiple carrier networks; L1VPNs to lease or trade resources with each other; and users to reconfigure an L1VPN topology, and add or remove bandwidth. The trend is to offer increased flexibility and provide management functions as close to users as possible, while maintaining proper resource access right control. In this article two aspects of the L1VPN service and management architectures are discussed: management of carrier network partitions for L1VPNs, and L1VPN management by users. We present the carrier network partitioning at the network element (NE) and L1VPN levels. As an example, a transaction language one (TL1) proxy is developed to achieve carrier network partitioning at the NE level. The TL1 proxy is implemented without any modifications to the existing NE management system. On top of the TL1 proxy, a Web services (WS)-based L1VPN management tool is implemented. Carriers use the tool to partition resources at the L1VPN level by assigning resources, together with the WS-based management services for the resources, to L1VPNs. L1VPN administrators use the tool to receive resource partitions from multiple carriers and partner L1VPNs. Further resource partitioning or regrouping can be conducted on the received resources, and leasing or trading resources with partner LlVPNs is supported. These services offer a potential business model for a physical network broker. After the L1VPN administrators compose the use scenarios of resources, and make the use scenarios available to the L1VPN end users as WS, the end users reconfigure the L1VPN without intervention from the administrator. The tool accomplishes LlVPN management by users     

On the cost of virtual private networks

A virtual private network (VPN) is a private data network that uses a nonprivate data network to carry traffic between remote sites. An “Intranet VPN” establishes network layer connectivity between remote Intranet sites by creating an IP overlay network over the nonprivate network, using various tunneling mechanisms. There are two approaches for establishing such tunnels: a “CPE-based approach” and a “network-based approach.” In the first approach, tunnels are established only between the CPE devices, whereas in the second approach tunnels are also established between the routers of the core nonprivate network. In this paper we address the problem of determining a CPE-based and a network-based layout of VPN tunnels while taking into account two factors: the cost of the links over which the VPN tunnels are established and the cost of the core routers that serve as end points for the VPN. We define related graph algorithm problems, analyze their complexity, and present heuristics for solving these problems efficiently     

虚拟专网VPN技术

随着Internet的广泛应用,虚拟专用网（VPN）技术越来越受到IT界的关注,本文从VPN的概念开始,介绍了VPN的基本原理,主要技术,业务分类及其在Internet中的应用,最后分析了其发展现状及市场前景。     

Secure virtual private networks: the future of data communications

The Internet is an almost ideal means for information retrieval and exchange. It is cost‐effective, easy to use and easily accessible. However, it can also be susceptible to devious practices such as data tempering, eavesdropping and theft. This paper analyses secure virtual private networks (VPNs) and their use in countering the problems of the Internet. Copyright © 1999 John Wiley & Sons, Ltd.     

Cognitive functionality in next generation wireless networks: standardization efforts [cognitive radio communications]

This article discusses recent standardization efforts related to cognitive radio focusing on the work of IEEE Standards Coordinating Committee 41, formerly known as IEEE 1900. Some important tasks to be performed by the CR standardization community also are presented. These tasks will expedite the introduction of CR devices to the market while promoting a fair use of scarce radio resources. Some avenues for using the currently available standards for rapid deployment of CR devices, such as ISO standards, also are discussed.     

IP/ MPLS over WDM网中考虑QoS的VPN业务设计

本文研究了在IP／MPLS over WDM网络中支持不同QoS要求的VPN业务的逻辑拓扑设计问题。对于给定的网络物理拓扑和业务需求矩阵，本文提出，基于不同时延要求的VPN业务逻辑拓扑设计可以运用两种方法加以解决。一为基于迭代的线性规划方法，适合于规模较小的网络。另一个为启发式算法，可运用于网络规模较大的环境。对比仿真结果表明，启发式算法不但较好地解决了不同QoS要求的VPN业务的选路和波长分配问题，还较好地降低了链路的最大负载。     

Implementation of multiple secure virtual private networks over passive optical networks using electronic CDMA

An optical layer solution for implementing multiple secure virtual private networks (VPNs) over a passive optical network (PON) using electronic code-division multiple access is proposed. The multiple virtual private networking capability is experimentally demonstrated with 40-Mb/s data multiplexed with a 640-Mb/s electronic code that is unique to each of the VPNs in the PON, and the transmission of the electronically coded data is carried out using Fabry-Pe/spl acute/rot laser diodes. Experimental results show that this technique can potentially support high data rate traffic while imposing minimal penalty resulting from optical beat interference.     

An optimal dynamic resources partitioning auction model for virtual private networks

In this paper, we consider the problem of optimizing the Internet Service Provider (ISP) profit by providing a periodic Dynamic Partitioning (DP) model for utilizing network resources in the context of Virtual Private Networks (VPN). In literature, Complete Sharing (CS), Complete Partitioning (CP), and Bandwidth Borrowing (BR) techniques have been proposed for resource allocation where the following limitations can be noticed: VPN operators can exaggerate about their required resources, resources might be underutilized, and optimal bandwidth utilization is not guaranteed. To overcome the above limitations, we propose to dynamically partition the resources over different QoS classes through periodic auctions that can reduce the reasoning of exaggeration and maximize the ISP profit. Thus, we formulate our problem based on the Integer Linear Programming (ILP) that allows us to maximize the ISP profit and provides the optimal: (1) set of profitable VPN connections, (2) bandwidth division of each network link among QoS classes, and (3) routing scheme for the accepted demand. Furthermore, the proposed ILP model allows us to study the sensitivity of the ISP profit to a targeted revenue objective.     

3G技术演进及标准化进展

介绍世界两大移动通信标准组织3GPP和3GPP2研究3G技术演进工作的情况,着重说明3G演进的需求和关键技术.     

Virtual source-based minimum interference path multicast routing in optical virtual private networks

Virtual Private Network (VPN) services over the Internet are gaining increased acceptance due to the economic benefits and flexibility. However, with difficulties of providing sufficient transmission capacity for value-added and mission-critical services, the Optical VPN (OVPN) deploying Dense Wavelength-Division Multiplexing (DWDM) technology has been seen as a favorable approach for realizing the future VPN services. In an OVPN, the Routing and Wavelength Assignment problem plays a key role for capacity utilization and therefore the Multicast Routing and Wavelength Assignment problem has been the dominant issue in a DWDM-based OVPN. In this paper, using Virtual Source (VS) nodes that have splitting and wavelength conversion capabilities, we propose a new Multicast Routing and Wavelength Assignment method for multicast sessions. The algorithm combines the VS-based tree generation approach with Multi-Wavelength Minimum Interference Path Routing (MW-MIPR) that chooses a path that does not interfere too much with potential future multicast session requests.     

Object-oriented specification of a bandwidth management system for ATM-based virtual private networks

This paper describes the specification of a bandwidth management system for ATM-based virtual private networks (vpn). Such a system allows a vpn customer to dynamically modify the bandwidth allocated to vpn connections. The analysis process focuses on the service management information model and interfaces required to provide that service to the customer. The specification work is performed according to a second generation object-oriented development method called Fusion. The vpn service and management architectures as well as the different actors involved are also described in detail.     

虚拟专用网络技术在计算机网络信息安全中的应用探讨

为了更好地实现计算机网络信息安全的保护管理,引入的虚拟专用网络技术发挥了重要的作用。文章就这种新的虚拟专用网络技术在计算机网络信息安全中的应用情况进行了深入的探讨分析,以及进一步分析了虚拟专用网络技术在计算机网络安全中的应用前景,希望对计算机网络信息的安全有很好的促进和保护作用。     

第二层和第三层 MPLS VPN

VPN技术正在得到日益广泛的应用,这其中 MPLS VPN技术由于成本和技术的优势越来越受到运营商的青睐。本文介绍了MPLS VPN的两种实现方式,第二层 MPLS VPN和第三层 MPLS VPN。从它们的实现原理、优缺点及应用范围等方面作了深入分析,并对于这两种技术的选择给出了考虑原则。