Abstract The route configuration of Virtual Private Networks (VPNs) over a given physical network isaddressed considering the protection. We analyze protection at two different layers, first whenthe operator protects the virtual links of the VPN and second when the protection is done withinthe VPN. The problem is formulated as a general model without specializing to any particularnetwork type, however the proposed methods can be used for various SDH, ATM, IP, MPLS andWR-DWDM Networks. The service demands of VPNs are characterized by the bandwidthrequirements of node-pairs. Given the capacity matrix of the physical network and the trafficdemand matrices of the VPNs, the protected VPN configuration is sought which minimizes thenumber of links used by the VPNs, and results in global optimum. Numerical results fromcalculations on sample networks show the properties of the protection at different layers. Introduction Virtual Private Networks have been increasingly wide-spread and used recently. More and more usersrequire privacy and QoS guarantees over the public network infrastructure. Virtual Private Networks supportthe communication requirements of a closed group of users with special handling of privacy and security. Thetypical application of VPNs is remote access for joint project workers, or for a home user to access thecompany intranet. Privacy and security is handled by the upper communication layers, however the planning ofthe Virtual Private Networks over a physical network is a key question considering the operating costs. Toensure reliability the design must be prepared for failures. Therefore, the VPNs will have redundancy, aworking and a protection path will be spanned between the node pairs. The route determination of the VPNsobeying link capacity constraints must be optimized considering the requirements for the protection.VPNs share the link bandwidth and the node resources among each other but the idea has severaladvantages. We do not have to build our own physical private network, only configure VPNs that reduces costs.When a VPN is inactive other VPNs can use its physical resources, and even in contrast to physical links, theVPNs can be simply reconfigured. The secure data transfer among the VPNs is provided by encryption of thecommunication. VPNs can be applied to different network architectures, e.g. to ATM or IP or to Multi-ServiceNetworks. A VPN- Diffserv solution is proposed in [1].Our model deals with
[1]
Rahul Garg,et al.
Fair bandwidth sharing among virtual networks: a capacity resizing approach
,
2000,
Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).
[2]
Debasis Mitra,et al.
A case study of multiservice, multipriority traffic engineering design for data networks
,
1999,
Seamless Interconnection for Universal Services. Global Telecommunications Conference. GLOBECOM'99. (Cat. No.99CH37042).
[3]
K. G. Ramakrishnan,et al.
Optimization and Design of Network Routing Using Refined Asymptotic Approximations
,
1999,
Perform. Evaluation.
[4]
Yakov Rekhter,et al.
Mpls: Technology and Applications
,
2000
.
[5]
N. Anerousis,et al.
Dynamic virtual network dimensioning in cost-sensitive environments
,
1999,
Seamless Interconnection for Universal Services. Global Telecommunications Conference. GLOBECOM'99. (Cat. No.99CH37042).
[6]
K. G. Ramakrishnan,et al.
Virtual private networks: joint resource allocation and routing design
,
1999,
IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).