Customizable virtual private network service with QoS

Abstract: In this paper, we propose and implement Virtual Network Service (VNS), a value-added network service for deploying virtual private networks (VPNs) in a managed wide-area IP network. The key feature of VNS is its capability of providing a customer with a VPN that is customizable with management capabilities and performance properties comparable to a dedicated physical network. In addition, VNS ensures confidentiality of data and principals through the use of IPSEC. The main technique underlying VNS is the virtualization of routers in both control and data planes. Virtualization of the control plane enables customizable routing and signaling per VPN. On the data plane, packet forwarding and link bandwidth are virtualized. Virtualization of the forwarding mechanism on the data plane enables forwarding of traffic according to each VPN's topology and policies. Virtualization of the link bandwidth enables each VPN to have guaranteed quality of service (QoS) and customized resource management policies. We have developed a VNS prototype for deployment on the CAIRN network. The VNS prototype implements several resource management mechanisms including packet scheduling, signaling and runtime monitoring. A graphical user interface enables service providers to manage, configure and deploy VPNs remotely.
