In this paper, we propose and implement Virtual Network Service (VNS), a
value-added network service for deploying virtual private networks (VPNs)
in a managed wide-area IP network. The key feature of VNS is its capability
of providing a customer with a VPN that is customizable with management
capabilities and performance properties comparable to a dedicated physical
network. In addition, VNS ensures confidentiality of data and principals
through the use of IPSEC. The main technique underlying VNS is the
virtualization of routers in both control and data planes. Virtualization
of the control plane enables customizable routing and signaling per VPN. On
the data plane, packet forwarding and link bandwidth are virtualized.
Virtualization of the forwarding mechanism on the data plane enables
forwarding of traffic according to each VPN's topology and policies.
Virtualization of the link bandwidth enables each VPN to have guaranteed
quality of service (QoS) and customized resource management policies. We
have developed a VNS prototype for deployment on the CAIRN network. The VNS
prototype implements several resource management mechanisms including
packet scheduling, signaling and runtime monitoring. A graphical user
interface enables service providers to manage, configure and deploy VPNs
remotely. (C) 2001 Elsevier Science B.V. All rights reserved.