Lightweight, dynamic and programmable virtual private networks

A Virtual Private Network (VPN) that exists over a public network infrastructure like the Internet is both cheaper and more flexible than a network comprising dedicated semi-permanent links such as leased tines. In contrast to leased-line private networks, the topology of such a VPN can be altered on-the-fly, and its lightweight nature means that creation and modification can take place over very short timescales. In a programmable networking environment, such VPNs can be enhanced with fine-grained customer control right down to the level of the physical network resources, allowing a VPN to be employed for almost any conceivable network service. The paper examines some of the issues present in the provision of programmable VPNs. In particular, automated VPN “design” is considered, that is, how a VPN description can be translated to a set of real physical resources that meets customer requirements while also satisfying the goals of the VPN Service Provider (VSP). This problem-the distribution of resource allocations across network nodes in an optimal manner-has relevance for other approaches to VPN provision such as differentiated services in the Internet. The work presented was carried out using a programmable networks infrastructure based on the switchlets mechanism (J.E. van der Merwe and I. Leslie, 1997). It shows that automated VPN creation resulting in a guaranteed resource allocation is a feasible procedure that works well for both the VSP and for the customer that has requested a VPN. The problems inherent in dynamic VPN reconfiguration are also explored, together with the methods by which these might be addressed