Managed Dynamic VPN Service: Core Capacity Sharing Schemes For Improved VPN Performance

Ravi S. Ravindran (1), Changcheng Huang (1), K. Thulasiraman (2)
(1. Carleton University, Ottawa; 2. University of Oklahoma, Norman)

Abstract—A managed service framework enables a service provider to offer more demanding and revenue-generating services. The IETF-proposed Provider Provisioned IP-VPN service is a well-known managed service. In [6] we first proposed a new framework to enable managed dynamic VPN service using the notion of topology abstraction. In [7] we proposed several distributed heuristics that can be applied in the context of [6]. The focus of this paper is to study the problem of enabling dynamic managed service using topology abstraction in a centralized manner, with the objective of maximizing network utilization and VPN call performance. The centralized scheme proposed in this paper applies maximum concurrent flow theory and proposes two extensions to it. The two extensions aim to improve on the conservative nature of maximum concurrent flow theory by improving the statistical multiplexing of available core network resources among the VPNs. We study the proposed approaches using a simulation environment of an IP/MPLS network providing managed IP-VPN service, with the extensions required to realize the components of the Managed Dynamic VPN Service as proposed in [6].

Keywords: IP-VPN Service, Topology Abstraction, Maximum Concurrent Flow.

I. INTRODUCTION

A Virtual Private Network (VPN) refers to a distributed network of geographically dispersed network entities belonging to the same authority, virtualized as a private network by overlaying it on a service provider's core network. A well-known form of VPN service connects branch offices belonging to an enterprise. In this form of connectivity there are two basic models of VPN, depending on whether the VPN Service Provider (VSP) takes part in routing the packets from a VPN site.
Based on this distinction we have the Customer Premise Equipment (CPE) based VPN, in which the VSP is unaware of the existence of any VPN. In a CPE based VPN the provider only provides fixed bit rate pipes or virtual circuits between the sites over ATM or Frame Relay transport technologies. The other case is the peer based VPN service, where the VSP is VPN aware and hence, in addition to providing VPN connectivity, also participates in VPN routing. The latter case is of interest here. For insight into the various areas of VPN research related to this paper, refer to [1]-[4] and the references therein, which we do not summarize here because of space constraints.

In recent years the IETF has evolved solutions to enable provider provisioned IP-VPN service over MPLS based transport networks. A relevant standard proposed to realize managed IP-VPN service is the BGP/MPLS based solution proposed in [5].

The motivation for the dynamic VPN service proposed in [6] is the premise that future networking services will have to address the needs of bandwidth-intensive applications, such as high-definition video broadcast/multicast from enterprises and access service providers, or mass online interactive gaming that requires significant bandwidth for short windows of time during a day.

The dynamic VPN service using topology abstraction proposed in [6] tries to achieve two key objectives. The first is to enable a dynamic bandwidth service in which the VSP shares information about resource availability in the core with the VPNs, using the notion of topology abstraction formerly used for scalability reasons in routing protocols such as PNNI for ATM networks. The second is for the proposed framework to be realizable over current managed IP-VPN solutions such as [5]. We henceforth refer to the service definition proposed in [6] as Managed Dynamic VPN Service (MDVS).
One of the challenges of MDVS is to solve the problem of the capacity exposed to the set of VPNs subscribing to MDVS. We call this the VPN Topology Abstraction (VPN-TA) problem, and proposed distributed solutions to it in [7].

The key contribution of this paper is the use of Maximum Concurrent Flow (MConF) theory to solve a similar problem in a centralized context. In addition to showing a way to adapt MConF theory to solve the VPN-CS problem, we propose two improvements to it that aim to improve on the observed conservative nature of applying MConF.

The rest of the paper is organized as follows. Section 2 briefly summarizes the MDVS framework and process proposed in [6]. Sections 3 and 4 define and formulate the VPN Core Capacity Sharing problem and discuss the heuristic and its extensions based on maximum concurrent flow theory. Section 5 presents simulation results on the performance of the heuristics suggested in this paper over an IP/MPLS environment implementing MDVS.