Scalability Considerations in BGP/MPLS IP VPNs

The scalability of the BGP/MPLS IP VPN solution is one of the main reasons for the wide deployment of this technology. This article first discusses the scaling properties of BGP/MPLS IP VPNs. Then, it explores more advanced topics, such as techniques for scaling the provider edge routers to support a large number of customers and enhancements for reducing the number of VPN route advertisements     

话音VPN

一、话音VPN的发展背景 VPN对企业应用并不新鲜。目前不少公司,不论其规模大小,已经多年采用基于IP方式的VPN传送大量数据流。而企业内的话音流则通常通过租用线路进行传送。由于话音与数据传送分开,即使话音和数据业务由同一个运营商提供,企业也需要采用两条不同的专线分别用于企业内不同的应用,因此给企业通信费用较少的中小企业带来了较大的经济负担。     

基于网络的虚拟专用网及应用技术研究

下一代网络是以业务驱动的网络,其中虚拟专用网(VPN)业务是目前可知的最有发展潜力的一种业务应用。本文根据国内外VPN相关标准,讨论了基于网络的虚拟专用网(NB VPN)的总体技术及相关的应用技术。     

Management of quality of service enabled VPNs

New emerging IP services based on differentiated services and the IP security architecture offer the level of communication support that corporate Internet applications need nowadays. However, these services add an additional degree of complexity to IP networks which will require sophisticated management support. The management of enhanced IP services for their customers is thus an emerging important task for Internet service providers. This article describes a potential management architecture service providers will need for that task, considering problems such as multiprovider services and service automation. We focus on a quality-enhanced virtual private network service which is particularly useful for corporate internetworking     

A Measurement-Based Prioritization Scheme for Smartphone Applications

Applications labeled with priorities can reduce energy consumption on smartphones for network traffic, by conserving up to 56 % energy under typical usage patterns. In this paper, we present a measurement-based prioritization scheme for smartphone applications, which labels each application with a priority. More specifically, we first conduct a measurement of application usage on Android smartphones based on the implementation of SystemSens. Based on the measurement results, we observe that two key features of receiving rate (RX rate) and screen touch rate (ST rate) extracted from netlog and screen data can reflect the network interactivity and improve the accuracy of the prioritization scheme as well. Then, with the two selected features, we propose an online solution that prioritizes applications on smartphones to conserve energy consumption. Finally, we evaluate the proposed prioritization scheme with data from a user study, and the results demonstrate that our scheme can accurately prioritize applications on smartphones most of the time.     

VPN用户管理中的资源代理

互联网的快速发展使得如何实现信息的安全传送和资源的充分利用成为亟需解决的两大问题，虚拟专用网（VPN）则为这两大问题提供了很好的解决方案。在传统的VPN环境中，是由VPN提供商管理VPN资源，而用户分配给他们的资源无法控制，但随着VPN应用越来越广泛，用户希望能根据自己的需求以及管理重点来个性化定制VPN网管系统。提出一种基于Web的虚拟网络资源管理体系结构的方案，并深入探讨了这一方案中资源代理的实现模型。     

BGP/MPLS VPN和IPSec VPN技术比较

当前,两种新兴的VPN技术:BGP/MPLSVPN和IPSecVPN越来越受到人们的关注。本文分别讨论了基于BGP/MPLS和IPSec来提供VPN业务的机制,评价了两种VPN解决方案,为网络管理者评估这两种方案提出了指导方针。     

mpls网络中访问多个VPN的实现

为了降低网络接入单位连接多个VPN网络的费用，通过采用mpls／BGP VPN技术、vlan技术和IEEE802.1q协议相结合的方法，设计出一种使网络接入用户只用一条接入线路和一台二层交换机就能连接多个VPN的技术方案。     

Measurement-Based Admission Control at Edge Routers

It is very important to allocate and manage resources for multimedia traffic flows with real-time performance requirements in order to guarantee quality of service (QoS). In this paper, we develop a scalable architecture and an algorithm for admission control of real-time flows. Since individual management of each traffic flow on each transit router can cause a fundamental scalability problem in both data and control planes, we consider that each flow is classified at the ingress router and data traffic is aggregated according to the class inside the core network as in a DiffServ framework. In our approach, admission decision is made for each flow at the edge (ingress) routers, but it is scalable because per-flow states are not maintained and the admission algorithm is simple. In the proposed admission control scheme, an admissible bandwidth, which is defined as the maximum rate of a flow that can be accommodated additionally while satisfying the delay performance requirements for both existing and new flows, is calculated based on the available bandwidth measured by edge routers. The admissible bandwidth is a threshold for admission control, and thus, it is very important to accurately estimate the admissible bandwidth. The performance of the proposed algorithm is evaluated by taking a set of simulation experiments using bursty traffic flows.     

A Study of Equivalence of Measurement-Based Admission Control Algorithmstud

1　IntroductionTheroleofanyadmissioncontrolalgorithmistoensurethattheadmittanceofanewflowintoaresource constrainednetworkdoesnotviolateservicecommitmentsmadebythenetworktoadmittedflows[1～ 3] .Therearetwobasicapproachestotheadmissioncontrol[4] :thefirst,whichwecalltheparameter basedapproach ,computesthenumberofnetworkresourcesrequiredtosupportasetofflowsgivenaprioriflowcharacteristics;thesecond ,themeasurement basedapproach ,reliesonthemeasure mentofactualtrafficloadinmakingadmissiondeci sions…     

一种基于MPLS VPN的QoS路由机制

文中提出一种基于MPLSVPN的QoS路由机制，通过隧道穿越IP骨干网连接MPLS站点，实现MPLSVPN的QoS路由，查找满足最低代价、最高带宽的链路，在更好地满足VPN中的各种业务对服务质量要求的同时，通过合理调配网络资源，提高了网络资源利用率，实现了可靠高效的QoS路由．     

MPLS VPN与传统专网的应用比较

作者从网络的安全性、扩展性、灵活性、可靠性、服务质量,以及维护管理、设备投资等诸方面对两种网络进行了比较。     

Robust Measurement-Based Admission Control Using Markov's Theory of Canonical Distributions

This paper presents models, algorithms and analysis for measurement-based admission control in network applications in which there is high uncertainty concerning source statistics. In the process it extends and unifies several recent approaches to admission control. A new class of algorithms is introduced based on results concerning Markov's canonical distributions. In addition, a new model is developed for the evolution of the number of flows in the admission control system. Performance evaluation is done through both analysis and simulation. Results show that the proposed algorithms minimize buffer-overflow probability among the class of all moment-consistent algorithms     

CATZ: Time-Zone-Aware Bandwidth Allocation in Layer 1 VPNs

The layer 1 virtual private network framework has emerged from the need to enable the dynamic coexistence of multiple circuit-switched client networks over a common physical network infrastructure. Such a VPN could be set up for an enterprise with offices across a wide geographical area (e.g., around the world or by a global ISP). Additionally, emerging IP over optical WDM technologies let IP traffic be carried directly over the optical WDM layer. Thus, different VPNs can share a common optical WDM core, and may demand different amounts of bandwidth at different time periods. This type of operation would require dynamic and reconfigurable allocation of bandwidth. This article evaluates the state of the art in layer 1 VPNs in the context of globally deployable optical networks and cost-efficient dynamic bandwidth usage. While exploiting the dynamism of IP traffic in a global network in which the nodes are located in different time zones, we study different bandwidth allocation methods for setting up a worldwide layer 1 VPN. We propose and investigate the characteristics of a cost-efficient bandwidth provisioning and reconfiguration algorithm, called capacity allocation using time zones (CATZ)     

Optimal Link Weights for IP-Based Networks Supporting Hose-Model VPNs

From traffic engineering point of view, hose-model VPNs are much easier to use for customers than pipe-model VPNs. In this paper we explore the optimal weight setting to support hose-model VPN traffic in an IP-based hop-by-hop routing network. We try to answer the following questions: (1) What is the maximum amount of hose-model VPN traffic with bandwidth guarantees that can be admitted to an IP-based hop-by-hop routing network (as opposed to an MPLS-based network), and (2) what is the optimal link weight setting that can achieve that? We first present a mixed-integer programming formulation to compute the optimal link weights that can maximize the ingress and egress VPN traffic admissible to a hop-by-hop routing network. We also present a heuristic algorithm for solving the link weight searching problem for large networks. We show simulation results to demonstrate the effectiveness of the search algorithm.     

New Architecture and Algorithms for Fast Construction of Hose-Model VPNs

Hose-model virtual private networks (VPNs) provide customers with more flexibility in specifying bandwidth requirements than pipe-model VPNs. Many hose-model VPN provisioning algorithms have been proposed, and they focus on the bandwidth efficiency in the construction of a single hose-model VPN. In practice, however, VPNs come and go and the dynamics will affect the performance of these VPN provisioning algorithms. If the frequency of adding and deleting VPNs is high, these algorithms will have a scalability problem. We propose in this paper a new network architecture for dynamic VPN construction. In the proposed architecture, adding a new VPN is much simpler and faster, and all that is required is to check if the edge routers have enough bandwidth. There is no need to check the bandwidth left on each internal link because the architecture guarantees that as long as the edge routers have enough capacities to accept the VPN, the internal links will never experience overflow caused by adding the new VPN. We present a linear programming formulation for finding the optimal routing that maximizes the amount of admissible VPN traffic in the network. We then exploit the underlying network flow structure and convert the linear programming problem into a subgradient iterative search problem. The resulting solution is significantly faster than the linear programming approach.     

Measurement-Based Achievable Throughput Estimation in IEEE 802.11a WLANs

Knowledge of dynamically changing achievable throughput is important in the design of an adaptive QoS-provisioning system over WLANs. In this letter, we introduce a novel measurement-based throughput estimation scheme and its practical realization for IEEE 802.11a WLAN environment. By utilizing traffic statistics measurements at the wireless AP (access point) in a timely manner, the proposed scheme estimates idle (i.e., remaining) channel time and converts it into available min/max throughput guidelines. Prototype realization in a Linux-based testbed verifies that the proposed scheme can estimate the available throughput with precision.     

An Effective Power-Aware At-Speed Test Methodology for IP Qualification and Characterization

Advanced nanometer technologies have led to a drastic increase in operational frequencies resulting in the performance of circuits becoming increasingly vulnerable to timing variations. The increasing process spread in advanced nanometer nodes poses considerable challenges in predicting post-fabrication silicon performance from timing models. Thus, there is a great need to qualify basic building structures on silicon in terms of critical parameters before they could be integrated within a complex System-on-Chip (SoC). The work of this paper presents a configurable circuit and an associated power-aware at-speed test methodology for the purpose of qualifying basic standard cells and complex IP structures to detect the presence of timing faults. Our design has been embedded within test-chips used for the development of the 28 nm Fully Depleted Silicon On Insulator (FD-SOI) technology node. The relevant silicon results and analysis validate the proposed power-aware test methodology for qualification and characterization of IPs and provide deeper insights for process improvements.     

IP switching-ATM under IP

Internet protocol (IP) traffic on the Internet and private enterprise networks has been growing exponentially for some time. This growth is beginning to stress the traditional processor-based design of current-day routers. Switching technology offers much higher aggregate bandwidth, but presently only offers a layer-2 bridging solution. Various proposals are under way to support IP routing over an asynchronous transfer mode (ATM) network. However, these proposals hide the real network topology from the IP layer by treating the data-link layer as a large opaque network cloud. We argue that this leads to complexity, inefficiency, and duplication of functionality in the resulting network. We propose an alternative in which we discard the end-to-end ATM connection and integrate fast ATM hardware directly with IP, preserving the connectionless nature of IP. We use the soft-state in the ATM hardware to cache the IP forwarding decision. This enables further traffic on the same IP flow to be switched by the ATM hardware rather than forwarded by IP software. We claim that this approach combines the simplicity, scalability, and robustness of IP, with the speed, capacity, and multiservice traffic capabilities of ATM