Computer Laboratory

Technical reports

Dynamic provisioning of resource-assured and programmable virtual private networks

Rebecca Isaacs

September 2001, 145 pages

This technical report is based on a dissertation submitted December 2000 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Darwin College.


Virtual Private Networks (VPNs) provide dedicated connectivity to a closed group of users on a shared network. VPNs have traditionally been deployed for reasons of economy of scale, but have either been statically defined, requiring manual configuration, or else unable to offer any quality of service (QoS) guarantees.

This dissertation describes VServ, a service offering dynamic and resource-assured VPNs that can be acquired and modified on demand. In VServ, a VPN is both a subset of physical resources, such as bandwidth and label space, together with the means to perform fine-grained management of those resources. This network programmability, combined with QoS guarantees, enables the multiservice network – a single universal network that can support all types of service and thus be efficient, cost-effective and flexible.

VServ is deployed over a network control framework known as Tempest. The Tempest explicitly distinguishes between inter- and intra-VPN resource management mechanisms. This makes the dynamic resource reallocation capabilities of VServ viable, whilst handling highly dynamic VPNs or a large number of VPNs. Extensions to the original implementation of the Tempest to support dynamically reconfigurable QoS are detailed.

A key part of a dynamic and responsive VPN service is fully automated VPN provisioning. A notation for VPN specification is described, together with mechanisms for incorporating policies of the service provider and the current resource availability in the network into the design process. The search for a suitable VPN topology can be expressed as a optimisation problem that is not computationally tractable except for very small networks. This dissertation describes how the search is made practical by tailoring it according to the characteristics of the desired VPN.

Availability of VServ is addressed with a proposal for distributed VPN creation. A resource revocation protocol exploits the dynamic resource management capabilities of VServ to allow adaptation in the control plane on a per-VPN basis. Managed resource revocation supports highly flexible resource allocation and reallocation policies, allowing VServ to efficiently provision for short-lived or highly dynamic VPNs.

Full text

PS (0.5 MB)

BibTeX record

  author =	 {Isaacs, Rebecca},
  title = 	 {{Dynamic provisioning of resource-assured and programmable
         	   virtual private networks}},
  year = 	 2001,
  month = 	 sep,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-516}