Enhancing security, scalability and flexibility of virtual private LAN services

Abstract Ethernet based VPLS (Virtual Private LAN Service) networks are now becoming attractive in many enterprise applications due to simple, protocol-independent and cost efficient operation. However, new VPLS applications demand additional requirements, such as elevated security, enhanced scalability and improved flexibility. This paper summarized the results of a thesis which focused to increase the scalability, flexibility and compatibility of secure VPLS networks. First, we propose a scalable secure flat-VPLS architecture based on Host Identity Protocol (HIP) to increase the forwarding and security plane scalability. Then, a secure hierarchical-VPLS architecture has been proposed by extending the previous proposal to achieve control plane scalability as well. To solve the compatibility issues of Spanning Tree Protocol (STP) in VPLS networks, a novel Distributed STP (DSTP) is proposed. Lastly, we propose a novel SDN (Software Defined Networking) based VPLS (SoftVPLS) architecture to overcome tunnel management limitations in legacy secure VPLS architectures. Simulation models and testbed implementations are used to verify the performance of proposed solutions