Abstract
A Virtual Private Network (VPN) that exists over a public network infrastructure like the internet is both cheaper and more flexible than a network comprising dedicated semi-permanent links such as leased-lines. In contrast to leased-line private networks, the topology of such a VPN can be altered on-the-fly, and its lightweight nature means that creation and modification can take place over very short timescales. In a programmable networking environment, such VPNs can be enhanced with fine-grained customer control right down to the level of the physical network resources, allowing a VPN to be employed for almost any conceivable network service. This paper examines some of the issues present in the provision of programmable VPNs. In particular, automated VPN "design" is considered, that is, how a VPN description can be translated to a set of real physical resources that meets customer requirements while also satisfying the goals of the VPN Service Provider (VSP). This problem—the distribution of resource allocations across network nodes in an optimal manner—has relevance for other approaches to VPN provision such as differentiated services in the internet (1). The work described in this paper was carried out using a programmable networks infrastructure based on the switchlets mechanism (2). It shows that automated VPN creation resulting in a guaranteed resource allocation is a feasible procedure that works well for both the VSP and for the customer that has requested a VPN. The problems inherent in dynamic VPN reconfiguration are also briefly explored together with the methods by which these might be addressed.

This publication has 16 references indexed in Scilit: