Measurement-Based Characterization of IP VPNs

Virtual Private Networks (VPNs) provide secure and reliable communication between customer sites. With the increase in number and size of VPNs, providers need efficient provisioning techniques that adapt to customer demand by leveraging a good understanding of VPN properties. In this paper, we analyze two important properties of VPNs that impact provisioning: 1) structure of customer endpoint (CE) interactions and 2) temporal characteristics of CE-CE traffic. We deduce these properties by computing traffic matrices from SNMP measurements. We find that existing traffic matrix estimation techniques are not readily applicable to the VPN scenario due to the scale of the problem and limited measurement information. We begin by formulating a scalable technique that makes the most out of existing measurement information and provides good estimates for common VPN structures. We then use this technique to analyze SNMP measurement information from a large IP VPN service provider. We find that even with limited measurement information (no per-VPN data for the core) we can estimate traffic matrices for a significant fraction of VPNs, namely, those constituting the "Hub-and-Spoke" category. In addition, the ability to infer the structure of VPNs holds special significance for provisioning tasks arising from topology changes, link failures and maintenance. We are able to provide a classification of VPNs by structure and identify CEs that act as hubs of communication and hence require prioritized treatment during restoration and provisioning.
