Secure Hierarchical VPLS Architecture for Provider Provisioned Networks

Virtual private LAN service (VPLS) is a Layer 2 virtual private network technique that has gained enormous popularity in industrial networks. However, the deployment of legacy VPLS architectures in large-scale networks is challenging due to unresolved security and scalability issues. In this paper, we propose a novel hierarchical VPLS architecture based on host identity protocol. The proposed architecture tackles both security and scalability issues in legacy VPLS architectures. It secures the VPLS network by delivering vital security features such as authentication, confidentiality, integrity, availability, and secured control protocol. The security analysis and simulation results confirm that the proposed architecture is protected from various IP-based attacks as well. Theoretical analysis and simulation results have also verified that the proposed architecture provides scalability in control, forwarding, and security planes. Finally, the data plane performance of the proposed architecture is measured in a real-world testbed implementation.