Active networking approach to the design of adaptive virtual private networks

As virtual private networks (VPNs) penetrate into the internetworking community, they face a number of challenges, such as the requirement for on-demand creation and termination of tunnels, flexible services and interface features allowing for easy integration with a wide range of applications, and extended geographical reach through dynamic installation of services. We present a novel approach to the design of an adaptive VPN framework that can offer flexible, portable services and customizable VPN mechanisms to provide on-demand secure tunnels in a dynamic environment. We base our approach on the active networking technology, which is a networking paradigm that inserts intelligence into the network by offering a dynamic programming capability to network routers. The proposed architecture implements encryption, key management and data integrity services to support VPN functions. Experimental results from our test bed provide latency and throughput measurements. We discuss four deployment scenarios that can take advantage of the adaptive VPN services: a) dynamic secure multicast trees; b) Secure item look-ups in online auction systems; c) secure code distribution; and d) secure agent traversal.