12 research outputs found

    Implementing Virtual Privat Network in Small to Medium Sized Enterprises

    Nowadays enterprises rely heavily on computer systems for storing and processing vital information. IT plays a major role in their businesses; therefore, all these systems must be safe and reliable. Computer networks are a major part of all these technologies; they provide the essential link between them, connecting them into one unified information network. However, the main requirement in all this is to implement a proper security system that will keep all this information secure and protect privacy. Small or medium-sized enterprises need to have their branches interconnected with rapid, reliable, cost-effective access to their resources. The ability to reach important company resources enables employees to be more flexible and productive, especially when they have the flexibility to access those resources from remote offices, home, or when traveling. This level of connectivity is a core component of IT strategy in today’s business world and is critical for staying ahead of the competition. Virtual Private Networks (VPNs) present businesses with a solution to this need. A VPN allows an enterprise to build a secure communication network by leveraging the public Internet as a low-cost transportation mechanism. This increasing use of VPN is one of the key growth drivers for the increased deployment of firewalls

    Providing guaranteed QoS in the hose-modeled VPN

    With the development of the Internet, Internet service providers (ISPs) are required to offer revenue-generating and value-added services instead of only providing bandwidth and access services. Virtual Private Network (VPN) is one of the most important value-added services for ISPs. The classical VPN service is provided by implementing layer 2 technologies, either Frame Relay (FR) or Asynchronous Transfer Mode (ATM). With FR or ATM, virtual circuits are created before data delivery. Since the bandwidth and buffers are reserved, the QoS requirements can be naturally guaranteed. In the past few years, layer 3 VPN technologies have been widely deployed due to their desirable performance in terms of flexibility, scalability and simplicity. Layer 3 VPNs are built upon IP tunnels, e.g., by using PPTP, L2TP or IPSec. Since IP is best-effort in nature, the QoS requirement cannot be guaranteed in layer 3 VPNs. Actually, layer 3 VPN service can only provide secure connectivity, i.e., protecting and authenticating IP packets between gateways or hosts in a VPN. Without doubt, with more applications on voice, audio and video being used in the Internet, the provision of QoS is one of the most important parts of the emerging services provided by ISPs. An intriguing question is: Is it possible to obtain the best of both layer 2 and 3 VPN? Is it possible to provide guaranteed or predictable QoS, as in layer 2 VPNs, while maintaining the flexibility and simplicity in layer 3 VPN? This question is the starting point of this study. The recently proposed hose model for VPN possesses desirable properties in terms of flexibility, scalability and multiplexing gain. However, the classic fair bandwidth allocation schemes and weighted fair queuing schemes raise the issue of low overall utilization in this model. A new fluid model for provider-provisioned virtual private network (PPVPN) is proposed in this dissertation. Based on the proposed model, an idealized fluid bandwidth allocation scheme is developed. This scheme is proven, analytically, to have the following properties: 1) maximize the overall throughput of the VPN without compromising fairness; 2) provide a mechanism that enables the VPN customers to allocate the bandwidth according to their requirements by assigning different weights to different hose flows, and thus obtain the predictable QoS performance; and 3) improve the overall throughput of the ISPs' network. To approximate the idealized fluid scheme in the real world, the 2-dimensional deficit round robin (2-D DRR and 2-D DRR+) schemes are proposed. The integration of the proposed schemes with the best-effort traffic within the framework of virtual-router-based VPN is also investigated. The 2-D DRR and 2-D DRR+ schemes can be extended to multi-dimensional schemes to be employed in those applications which require a hierarchical scheduling architecture. To enhance the scalability, a more scalable non-per-flow-based scheme for output queued switches is developed as well, and the integration of this scheme within the framework of the MPLS VPN and applications for multicasting traffic is discussed. The performance and properties of these schemes are analyzed

    A policy-based architecture for virtual network embedding

    Network virtualization is a technology that enables multiple virtual instances to coexist on a common physical network infrastructure. This paradigm fostered new business models, allowing infrastructure providers to lease or share their physical resources. Each virtual network is isolated and can be customized to support a new class of customers and applications. To this end, infrastructure providers need to embed virtual networks on their infrastructure. The virtual network embedding is the (NP-hard) problem of matching constrained virtual networks onto a physical network. Heuristics to solve the embedding problem have exploited several policies under different settings. For example, centralized solutions have been devised for small enterprise physical networks, while distributed solutions have been proposed over larger federated wide-area networks. In this thesis we present a policy-based architecture for the virtual network embedding problem. By policy, we mean a variant aspect of any of the three (invariant) embedding mechanisms: physical resource discovery, virtual network mapping, and allocation on the physical infrastructure. Our architecture adapts to different scenarios by instantiating appropriate policies, and has bounds on embedding efficiency, and on convergence embedding time, over a single provider, or across multiple federated providers. The performance of representative novel and existing policy configurations are compared via extensive simulations, and over a prototype implementation. We also present an object model as a foundation for a protocol specification, and we release a testbed to enable users to test their own embedding policies, and to run applications within their virtual networks. The testbed uses a Linux system architecture to reserve virtual node and link capacities

    Design and operating plan for a communications infrastructure able to offer ISP and Data Center services.

    Information technologies (IT) play an increasingly important role in today's business. Companies of all kinds and sizes are increasing their demand and investing with the aim of becoming more competitive in the market in which they operate. Given this situation, a business model is proposed in which both the communications infrastructure and the systems of any company can be provided by a single point of contact specialized in global IT solutions. This provider would supply and/or manage LAN and WAN communications, in addition to offering centralized Data Center services, allowing companies both to reduce infrastructure costs and to stop worrying about the need to have qualified technical staff

    Overcoming Bandwidth Fluctuations in Hybrid Networks with QoS-Aware Adaptive Routing

    With an escalating reliance on sensor-driven scientific endeavors in challenging terrains, the significance of robust hybrid networks, formed by a combination of wireless and wired links, is more noticeable than ever. These networks serve as essential channels for data streaming to centralized data centers, but their efficiency is often degraded by bandwidth fluctuations and network congestion. Especially in bandwidth-sensitive hybrid networks, these issues present demanding challenges to Quality of Service (QoS). Traditional network management solutions fail to provide an adaptive response to these dynamic challenges, thereby underscoring the need for innovative solutions. This thesis introduces a novel approach leveraging the concept of Software-Defined Networking (SDN) to establish a dynamic, congestion-aware routing mechanism. This proposed mechanism stands out by comprising a unique strategy of using bandwidth-based measurements, which help accurately detect and localize network congestion. Unlike traditional methodologies that rely on rigid route management, our approach demonstrates dynamic data flow route adjustment. Experimental data indicate promising outcomes with clear improvements in network utilization and application performance. Furthermore, the proposed algorithm exhibits remarkable scalability, providing quick route-finding solutions for various data flows, without impacting system performance. Thus, this thesis contributes to the ongoing discourse on enhancing hybrid network efficiency in challenging conditions, setting the stage for future explorations in this area

    A policy-based architecture for virtual network embedding (PhD thesis)

    Network virtualization is a technology that enables multiple virtual instances to coexist on a common physical network infrastructure. This paradigm fostered new business models, allowing infrastructure providers to lease or share their physical resources. Each virtual network is isolated and can be customized to support a new class of customers and applications. To this end, infrastructure providers need to embed virtual networks on their infrastructure. The virtual network embedding is the (NP-hard) problem of matching constrained virtual networks onto a physical network. Heuristics to solve the embedding problem have exploited several policies under different settings. For example, centralized solutions have been devised for small enterprise physical networks, while distributed solutions have been proposed over larger federated wide-area networks. In this thesis we present a policy-based architecture for the virtual network embedding problem. By policy, we mean a variant aspect of any of the three (invariant) embedding mechanisms: physical resource discovery, virtual network mapping, and allocation on the physical infrastructure. Our architecture adapts to different scenarios by instantiating appropriate policies, and has bounds on embedding efficiency, and on convergence embedding time, over a single provider, or across multiple federated providers. The performance of representative novel and existing policy configurations are compared via extensive simulations, and over a prototype implementation. We also present an object model as a foundation for a protocol specification, and we release a testbed to enable users to test their own embedding policies, and to run applications within their virtual networks. The testbed uses a Linux system architecture to reserve virtual node and link capacities

    Tragedy of the routing table: An analysis of collective action amongst Internet network operators

    S.M. thesis. This thesis analyzes and discusses the effectiveness of social efforts to achieve collective action amongst Internet network operators in order to manage the growth of the Internet routing table. The size and rate of growth of the Internet routing table is an acknowledged challenge impeding the scalability of our BGP interdomain routing architecture. While most of the work towards a solution to this problem has focused on architectural improvements, an effort launched in the 1990s called the CIDR Report attempts to incentivize route aggregation using social forces and norms in the Internet operator community. This thesis analyzes the behavior of Internet network operators in response to the CIDR Report from 1997 to 2011 to determine whether the Report was effective in achieving this goal. While it is difficult to causally attribute aggregation behavior to appearance on the CIDR report, there is a trend for networks to improve their prefix aggregation following an appearance on the CIDR Report compared to untreated networks. This suggests that the CIDR Report did affect network aggregation behavior, although the routing table continued to grow. This aggregation improvement is most prevalent early in the study period and becomes less apparent as time goes on. Potential causes of the apparent change in efficacy of the Report are discussed and examined using Ostrom's Common Pool Resource framework. The thesis then concludes with a discussion of options for mitigating routing table growth, including the continued use of community forces to better manage the Internet routing table. S.M.

    Analysis of collective action amongst Internet network operators

    Thesis (S.M. in Technology and Policy)--Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program; and, (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2011. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student submitted PDF version of thesis. Includes bibliographical references (p. 157-163). This thesis analyzes and discusses the effectiveness of social efforts to achieve collective action amongst Internet network operators in order to manage the growth of the Internet routing table. The size and rate of growth of the Internet routing table is an acknowledged challenge impeding the scalability of our BGP interdomain routing architecture. While most of the work towards a solution to this problem has focused on architectural improvements, an effort launched in the 1990s called the CIDR Report attempts to incentivize route aggregation using social forces and norms in the Internet operator community. This thesis analyzes the behavior of Internet network operators in response to the CIDR Report from 1997 to 2011 to determine whether the Report was effective in achieving this goal. While it is difficult to causally attribute aggregation behavior to appearance on the CIDR report, there is a trend for networks to improve their prefix aggregation following an appearance on the CIDR Report compared to untreated networks. This suggests that the CIDR Report did affect network aggregation behavior, although the routing table continued to grow. This aggregation improvement is most prevalent early in the study period and becomes less apparent as time goes on. Potential causes of the apparent change in efficacy of the Report are discussed and examined using Ostrom's Common Pool Resource framework. The thesis then concludes with a discussion of options for mitigating routing table growth, including the continued use of community forces to better manage the Internet routing table. by Stephen Robert Woodrow. S.M. S.M. in Technology and Polic

    A Policy Information Model for RFC2547-like IP VPNs
