Sunday, 18 March 2012

Virtual Circuit (VC)-based VPN

A broadband virtual private network (VPN) is a service that provides broadband transmission capability between islands of customer premises networks (CPNs) (Figure 1). It is a central building block for constructing a global enterprise network (EN) which interconnects geographically separate CPNs. A VPN service involves several administrative domains: the customer domain, the domain of the VPN service provider (also called the "value added service provider", VASP), and one or more carrier domains [SCH93]. As a result, it is necessary to address the aspects of multi-domain management in the context of VPN service management and provisioning ([LEW95], [TSC95]). The scope of this paper is limited to the customer domain and the interaction between the customer domain and the VPN provider domain.

Traditionally, leased line circuits based on STM (SDH/SONET) technology have been used for providing VPN services [YAM91]. The speed of the circuit can be changed by customer-provider cooperative control. However, dynamic bandwidth adjustment for leased line circuits is inefficient and costly compared to ATM-based services, which place no restriction on the line speeds the customer can choose from [HAD94].

Service providers are beginning to offer broadband VPN services using ATM transport networks. Two common approaches are Virtual Circuit (VC)-based VPN services ([SAY95]) and VP-based VPN services [ATS93]. These services provide ATM logical links between separate CPNs. In the case of a VC-based VPN service, the customer requests a new VC from the provider for every call to be set up over the VPN. Bandwidth control and management between customer and provider is performed per VC. In the case of a VP-based VPN service, customers can perform their own call and resource control for a given VP, without negotiating with the VPN provider. Bandwidth control and management between customer and provider is performed per VP.

[Figure 1: Customer's view of a virtual private network.]

VC-based and VP-based VPN services replace today's leased line services. They offer customers more flexibility in dynamically requesting adjustments in the VPN capacity. Since networks typically exhibit a dynamic traffic pattern, such a technique of rapid provisioning will result in lower cost for the customer, because pricing is expected to be based on the VPN capacity per time interval allocated to the enterprise network. A VPN is accessed via common user-network physical interfaces (UNIs).

A Virtual Path Group (VPG)-based VPN service has been proposed to enhance customer control over the VPN [CHA96a]. The Virtual Path Group (VPG) concept has been introduced to simplify virtual path dynamic routing for rapid restoration in a carrier network [HAD89]. In a VPG-based VPN service, a VPG is defined as a logical link within the public network provider's ATM network. Figure 2 shows a VPG-based Virtual Private Network connecting 3 CPNs. A VPG is permanently set up between two VP cross connect nodes or between a VP cross connect node and a CPN switch that acts as a customer access point for the VPN service. A VPG accommodates a bundle of VPs that interconnect end-to-end customer access points. The VPN provider allocates bandwidth to a VPG, which defines the maximum total capacity for all VPs within the VPG. A VPG-based VPN consists of a set of interconnected VPGs.

VPs and VPGs are set up by the network management system of the VPN provider during the VPN configuration phase. Only the network management systems must know about the routes of the VPGs, their assigned bandwidth, and the VPs associated with them. The use of VPGs has no impact on cell switching, as cells are transmitted by VP cross connect nodes based on their VP identifier. In order to guarantee cell-level QOS in the carrier's network, policing functions (Usage Parameter Control) are required at the entrance of each VPG.

The VPG concept enhances the customer's capability for VP capacity control. It allows transparent signalling and dynamic VP bandwidth management within the customer domain. A customer can change the VP capacities, within the limits of the VPG capacities, without interacting with the provider. As a result, the VPG bandwidth can be shared by VPs with different source-destination pairs. Furthermore, customers can independently achieve the optimum balance between the resources needed for VP control and the resources needed to handle the traffic load.
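
The capacity rule described above can be written as a customer-side admission check. The following is an added example, not code from the paper: a VP resize is applied locally only if the total VP capacity in every VPG on that VP's route stays within the provider's allocation. The class and function names, the three-CPN topology with a single cross connect X, and all capacity values (arbitrary bandwidth units) are constructed for illustration.

```python
class VPGVpn:
    """Customer-side view of a VPG-based VPN (all names and values constructed)."""

    def __init__(self, vpg_capacity, vp_route, vp_capacity):
        self.vpg_capacity = vpg_capacity  # VPG -> bandwidth allocated by the provider
        self.vp_route = vp_route          # VP -> VPGs it traverses (fixed at configuration)
        self.vp_capacity = dict(vp_capacity)  # VP -> capacity chosen by the customer

    def vpg_load(self, vpg, what_if=None):
        """Sum of the capacities of all VPs bundled in `vpg`."""
        caps = {**self.vp_capacity, **(what_if or {})}
        return sum(caps[vp] for vp, route in self.vp_route.items() if vpg in route)

    def resize_vp(self, vp, new_capacity):
        """Apply a customer-local change if every VPG on the VP's route still fits.

        Returns (accepted, violated_vpgs). The VPG allocations never change here,
        which is why no request to the provider is modelled.
        """
        if vp not in self.vp_route or new_capacity < 0:
            raise ValueError(f"bad request: {vp!r} -> {new_capacity}")
        violated = [g for g in self.vp_route[vp]
                    if self.vpg_load(g, {vp: new_capacity}) > self.vpg_capacity[g]]
        if not violated:
            self.vp_capacity[vp] = new_capacity
        return (not violated, violated)


def demo():
    # Constructed topology: CPNs A, B and C each reach cross connect X over one VPG.
    vpn = VPGVpn(
        vpg_capacity={"A-X": 100, "B-X": 100, "C-X": 60},
        vp_route={"A-B": ["A-X", "B-X"], "A-C": ["A-X", "C-X"], "B-C": ["B-X", "C-X"]},
        vp_capacity={"A-B": 50, "A-C": 30, "B-C": 20},
    )
    requests = [("A-B", 70), ("A-C", 40), ("A-B", 60), ("A-C", 40), ("B-C", 25)]
    return vpn, [vpn.resize_vp(vp, cap) for vp, cap in requests]


if __name__ == "__main__":
    vpn, results = demo()
    for outcome in results:
        print(outcome)
    print(vpn.vp_capacity)
```

The second request is rejected because VPG A-X would be oversubscribed; after the customer shrinks VP A-B, the same request succeeds, which is the sharing of VPG bandwidth between VPs with different source-destination pairs.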
