论文信息 - On Layered VPN Architecture for Enabling User-Based Multiply Associated VPNs

On Layered VPN Architecture for Enabling User-Based Multiply Associated VPNs

In our previous work, we have proposed a new VPN architecture for enabling user-based multiply associated VPNs [1]. Almost all existing VPN technologies assume that users never simultaneously access more than a single VPN. Thus, for realizing a new VPN service allowing users to simultaneously join multiple VPNs, several fundamental mechanisms, such as dynamically changing user’s VPN association status according to the user’s request and authorizing user’s access to a group of VPNs, are required. In this paper, we propose a layered VPN architecture for realizing user-based multiply associated VPN. Our layered VPN architecture consists of three network levels such as PNL (Physical Network Level), LNL (Logical Network Level), and UNL (User Network Level). First, we discuss and classify functions required for each network level. We then present several approaches for implementing each network level using existing layer 2, 3, and 4 networking technologies, and quantitatively evaluate their advantages and disadvantages from several viewpoints including scalability and transmission speed.

[1] Marco Carugi,et al. Service Requirements for Layer 3 Provider Provisioned Virtual Private Networks (PPVPNs) , 2005, RFC.

[2] Stephen T. Kent,et al. Security Architecture for the Internet Protocol , 1998, RFC.

[3] Makoto IMASE,et al. VPN Architecture Enabling Users to be Associated with Multiple VPNs , 2003 .

[4] Ross W. Callon,et al. A Framework for Layer 3 Provider-Provisioned Virtual Private Networks (PPVPNs) , 2005, RFC.

[5] Eric C. Rosen,et al. Multiprotocol Label Switching Architecture , 2001, RFC.

[6] Ieee P . ad. Virtual Bridged Local Area Networks-Amendment 4 : Provider Bridges , 2003 .

[7] Virtual Bridged,et al. IEEE Standards for Local and Metropolitan Area Networks: Specification for 802.3 Full Duplex Operation , 1997, IEEE Std 802.3x-1997 and IEEE Std 802.3y-1997 (Supplement to ISO/IEC 8802-3: 1996/ANSI/IEEE Std 802.3, 1996 Edition).

[8] Yakov Rekhter,et al. BGP/MPLS VPNs , 1999, RFC.

[9] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[10] Glen Zorn,et al. Layer Two Tunneling Protocol "L2TP" , 1999, RFC.

[11] Ananth Nagarajan. Generic Requirements for Provider Provisioned Virtual Private Networks (PPVPN) , 2004, RFC.