QoS-bae Virtua Private Networ Deign for an MPLS networ Anotai Sriitja an Davi Tier Det. of Information Science an Teecommunication Univerity of Pittburgh 5 N. Beefie Avenue, Pittburgh, PA 560 emai: anotai@i.itt.eu, tier@tee.itt.eu Abtract In thi aer, a VPN eign moe i rooe for the Next Generation Internet (NGI). With the ue of MutiProtoco Labe Switching (MPLS) in a bacbone networ, it i oibe to create mutie ogica in-tree (irecte mutioint-to-oint tree ening at one exit noe) carrying traffic of mutie VPN. Thi mae the VPN eign robem with MPLS ifferent from thoe of circuit-witche networ an connection-oriente acet networ uch a ATM. A big quetion i how to contruct a tree an how to incororate it in the networ eign moe. Here, the VPN eign i moee a a mixe integer rogramming (InP) otimization robem to minimize the cot of aying out a VPN uorting ifferent traffic tye an ervice cae on a given tooogy whie meeting QoS requirement. Reaizing a in-tree routing ath, the rooe moe aim to fin an otima VPN ayout uorting muti-ervice cae uring ifferent time erio (muti-hour erio) coniering that the traffic eman may vary uring the coure of the ay. Our numerica reut how that ue of in-tree aroach in VPN eign can greaty reuce the amount of banwith an the number of abe witche ath require. I. INTRODUCTION Virtua Private Networ (VPN) rovie a rivate an eicate environment over a hare rivate or ubic networ infratructure. With the avent of broaban technoogy, a eoyment of QoS-bae VPN uorting integrate ervice for voice, ata an vieo aication together over ubic ata networ aear to be economicay aeaing ince it aow a high-ee acce with erformance an Quaity of Service (QoS) guarantee. Major chaenge in eoying QoS-bae VPN over the Internet are eivering a erformance guarantee an ecurity aurance to a egree that i comarabe to a rea rivate networ. MutiProtoco Labe Switching (MPLS) technique rooe by IETF ue a abe-waing forwaring araigm to exeite a acet-forwaring roce [,]. MPLS rovie a connection-oriente, QoS-bae aroach to the NGI together with a traitiona, connectione beteffort aroach. Deoying MPLS over a IP networ mae it eaier for VPN ervice to rovie erformance at require eve. Since MPLS i eigne to have a traffic engineering caabiity, roviioning for traffic having ifferent QoS requirement in ifferent Cae of Service (CoS) i oibe []. In term of ecurity, another no-e imortant iue, the goa i to rotect VPN ata from maiciouy or accientay miconuct. IP Security Protoco (IPSec) [4] i aime to be ue for thi uroe. Uing MPLS, mutie VPN can be contructe on the ame networ through the ue of ifferent MPLS Forwar Equivaent Cae (FEC). FEC i ue to efine traffic that wi be forwar in the ame manner through a MPLS networ. Thu ifferent FEC wi be ue to caify traffic from ifferent VPN which may or may not ue the ame forwaring ath an may or may not hare a ortion of networ banwith. The ath through an MPLS networ can be a mutioint-to-oint ath or a in-tree ath ening at one exit noe. To guarantee erformance to VPN ervice a ervice rovier ha to be concerne with caacity roviioning an routing coexiting VPN having ifferent ervice cae an tooogie over the ame networ infratructure. In aition, in eigning a VPN, one mut be concerne with caabiity iue in orer to uort a arge number of cutomer. In another wor a we-eigne VPN mut be eay to manage an attain banwith efficiency. Over a MPLS networ, thi mean that the number of abe witche ath (LSP) an require abe mut be et ma. In term of caacity efficiency, ifferent eve of traffic aggregation may be coniere, for exame, aggregation of traffic from ifferent VPN beonging to the ame CoS, aggregation of traffic from ame VPN exiting at the ame egre noe, etc. From a eign erective, the concet of a virtua networ in genera can be aie to VPN. The notion of virtua networ ha ong been ue to refer to a ogica networ ayout over a networ architecture. VPN over a circuitwitche or an ATM networ, are often viewe a a ogica meh networ with oint-to-oint eman between noe air. A ogica fu-meh i a tooogy where each oint-tooint eman air i ineenenty given a ogica in that may be route over mutie witche-oint. The ue of in-tree ath in MPLS mae VPN eign robem iffer from thoe in traitiona connection-oriente networ reviouy mentione. Traffic of ifferent VPN with the ame QoS requirement may/may not be carrie on the ame routing tree an may/may not hare networ banwith. A big quetion i how to contruct a tree an how to incororate it in the networ eign moe. Ony recenty ha wor aeare on otimization moe to ove traffic engineering robem in genera over MPLS networ. In [5], author rovie integer rogramming formuation for fow aignment robem given a et of
oint-to-oint LSP an it can be extene to ove a caacity anning robem. However, evera trivia aumtion are mae incuing : (i) one-to-one reationhi between traffic trun an LSP (ii) no aggregation, e-aggregation an merging of LSP. (iii) the moe i vai ony if one or more feaibe oution exit. [6] rooe the ue of mutioint-tooint LSP in fow aignment robem. A et of re-eecte LSP i force to incue at eat two route which o not hare any inge noe to each ingre/egre noe. The otimization moe aim to minimize the maximum in oa without coniering cot of in caacity. Reaizing a in-tree routing ath, thi aer rooe mathematica formuation for the robem of VPN eign in orer to imutaneouy fin otima VPN ogica tooogie an their imenion over a ervice rovier IP infratructure uorting MPLS to carry muti-ervice, muti-hour VPN traffic from variou cutomer. Here we exoit re-comute in-tree ath (mutioint-to-oint ath) over which VPN traffic i route in a MPLS core networ. In the moe, ifferent eve of banwith aggregation/mutiexing occur acro ifferent ervice cae an route within one VPN, but not acro ifferent VPN. It i ceary hown that uch robem formuation yie a NP-har comexity. Therefore, reiminary wor i conucte for ime cae where ony inge-ervice, inge-hour VPN traffic i coniere. Obtaining the oution to thi robem rovie a benchmar meaure an a guiance to oution feaibiity. II. SINK-TREE LSP PATH A reviouy mentione, a abe witche ath (LSP) in MPLS can be a mutioint-to oint ath referre in here a a in-tree ath. A cear benefit i it caabiity ince fewer LSP mut be create comare to uing a oint-to-oint ath between each eman air. The number of abe require i ao maer. Thu management i imer. For exame, aying a fu-meh eign where there i a oint-to-oint ath between a noe-air to a N -noe networ, the tota number of LSP require i N ( N ). However, thi number can be reuce to N ath uing a in-tree eign. Figure iay a fu-meh veru in-tree eign for a -noe VPN over an 8-noe MPLS networ. Aume that there i a irectiona eman of one unit between -noe air in VPN networ an each in in the MPLS networ ha one unit cot. A fu-meh eign require 6 LSP comare to LSP in in-tree eign. Both eign ue the ame in in MPLS networ. However, the firt yie 4 unit cot whie, in the atter, the cot i reuce to. The cot aving reut from the caacity efficiency gain attaine, when traffic i merge in a in-tree eign. III. VPN DESIGN METHODOLOGY The eign of VPN i execte to be a art of the traffic engineering roceure that can be one offine to obtain the VPN routing an an virtua networ in (VNL) imenion. Thi i hown in Figure. During an oerationa 4 (a) 4 5 6 Overay VPN Networ Service Provier MPLS Networ 5 Fu-Meh Deign Service Provier MPLS Networ (b) Sin-tree Deign Figure : Fu-meh veru in-tree eign erio, networ management wi monitor the change in traffic attern networ tooogy or in cot metric. When it notice any change that wi invaiate the current etting it wi tart a goba otimization roceure to o an offine recomutation. Note that, the otimization roceure can be one earatey for each VPN or jointy for a VPN to achieve a true otima oution. For QoS-bae VPN over MPLS, the rooe networ eign roce aim to fin the otima ogica in-tree() an it imenion o a to minimize the tota networ cot whie atifying QoS contraint. Three main ta are invove in the eign roce: (i) Tree generation/eection, (ii) Dimenioning an (iii) Routing Otimization. The firt ta i concerne with generating a caniate et of ogica tree for a given ource an a et of etination. The econ ta i to fin a banwith that wi be aocate to each in in a tree whoe banwith may/may not be hare by ifferent VPN traffic. The at ta aim to fin an otima route aignment for a given traffic eman. In genera, thee three main ta can be ove ineenenty or jointy. The networ tooogy an noe ocation (e.g. ocation of MPLS ege router an core router) wi be ue to generate mutioint-to-oint tree ath which are eecte bae on traffic QoS contraint. For intance, a boun on maximum eay can be tranate into a maximum ho imitation. A recomute ath et i ue in the otimization moe over which the otima route an caacity requirement are etermine. The banwith aocation/imenion of the virtua networ hou rovie ufficient Grae-of-Service (GoS) (e.g., connection bocing robabiity) an fairne to ifferent ervice whie atifying evera erformance 6
- Networ tooogy an noe ocation - QoS contriant (Maximum eay requirement) Path Seection Proceure Caniate Tree Generation Feaibe Tree Seection Off-ine Goba Otimization Proceure n - GoS - Pacet o robabiity Effective Banwith Cacuation Virtua Networ Dimenioning Virtua Lin Dimenioning VPN n VPN - Traffic eman matrix - Qo Deth = Deth = n- Networ Route Otimization - Lin cot matrix 4 n (a) Sin-tree with -ho eth (b) Sin-tree with (n-)-ho eth Change in networ tooogy VPN otima routing an an Virtua in imenion On-ine Traffic Otimization an Monitoring Change in in cot Figure : VPN traffic engineering roceure Change in traffic eman contraint at the traffic ayer uch a acet o rate an eay. In aition, coniering the effect of tatitica mutiexing among ifferent connection (when oibe), banwith aocation can be reuce. Here, we ue the concet of effective banwith to rereent ervice rate require by each traffic connection beonging to ifferent ervice cae. Effective banwith cacuation wi encauate the QoS requirement in term of acet o rate an eay. Thu by uing the concet of effective banwith, traffic fow with ifferent characteritic an QoS requirement can be rereente a being teay with a eterminitic banwith requirement. Thi imifie our otimization moe. Laty, the routing otimization wi otimay aign a route to a traffic eman, given a et of caniate route an in caacitie. Other than minimizing cot of aying out a given traffic, a route aignment may ao aim to baance the oa acro the networ uch that the number of over-utiize in an uner-utiize in i reuce. IV. TREE SELECTION The choice of a tree i imortant a it affect the goone of the oution obtaine an the comutation time. To reuce the robem ize (an thu comutation time) for a arge networ, a recomute caniate et of tree wi be ue in the moe over which the otima route an caacity requirement are etermine. A ath et wi be generate for each ource an it etination given the hyica networ tooogy. Thi et wi be imite by a maximum ho-count aowe between each ource-etination air uch that the maximum en-to-en eay i boune. The choice of a routing tree ao affect the caacity require an if banwith of traffic fow i aggregate an mutiexe Figure : Sin-tree routing ath for n noe when they are merge at one noe. For connection within the ame ca of ervice, in which a tatitica mutiexing can be achieve, a certain art of aocate banwith can be hare among them. Hence, in tree eection, there i a trae off, between minimizing an en-to-en eay requirement veru minimizing cot of in caacity. Shown in Figure are two ifferent choice of a in-tree for n noe. The eth of a tree i efine a the itance between the root noe an a eave noe. Figure (a) how a in-tree of -ho ath with a maximum eth of. Thi choice of a tree yie a minimum eay between eman noe-air but, ince -ho ath merge at the root noe, no banwith aggregation i oibe. Ooitey, the tree in Figure (b) with a eth of (n-) yie a maximum banwith gain ue to tatitica mutiexing at a in after the merge oint. Different tye of tree incuing anning tree hortet (itance) ath tree an Steiner tree (minimum-cot tree) are among otentia choice. V. MPLS-VPN DESIGN FORMULATIONS Given a networ tooogy, noe ocation an in caacity, an otimization moe i formuate for VPN eign. A hyica networ i rereente by a grah G ( N, L, C) where N, L, C i a et of noe in an in caacitie of the networ reectivey. M ( M N ) i a et of ege noe (ege router) where there i a eman traffic entering or exiting. Thu N M rereent a et of core noe (core router). The comete notation of the formuation i given beow. For each in L, utiization factor α imit the roortion of the in caacity C to be aocate for VPN traffic. Thi utiization factor may be ue to rotect certain in from being overy ubcribe or ubjecte to otentia congetion. For exame, a maer vaue of α may be aigne to in connecting to core-router than one connecting to ege-router. Thi factor i aume to be nown.
A. Notation α Maximum utiization factor of in L K Deman et inex, M P ν, Set of feaibe in-tree ening at noe N anning a noe m M of ervice ca S of VPN D, Set of oint-to-oint eman air in eman et B, h, Y K K of ervice ca S of VPN ν V Banwith requirement of eman air ν D ν, of ervice ca S of VPN uring hour-erio h H Sizing (tooogy) variabe caacity aigne to VPN traffic on in L ψ Cot of a caacity on in L U ν, Caacity at in L aocate to VPN uring h X hour-erio h H Deman-ath routing eciion variabe = if ath P i ue for eman et K of ervice ca S of VPN uring hour erio h H = 0 otherwie γ, Lin ath incience matrix = if eman air D ν, of et K that ue ath P i irecte uing in L =0 otherwie EB Etimate BW requirement of a eman tye K on in L of ervice ca S of VPN uring hour-erio h H ( B, T Q ) Equivaent banwith cacuation function for traffic in ervice ca S with requirement of banwith amount B ( with traffic ecritor T an quaity of ervice requirement Q ) Eqv, B. Traffic Deman The comete matrix of VPN traffic eman i aume to be given. It can be erive from a SLA (Service Leve Agreement), between cutomer an ervice rovier. SLA tyicay ecify variou cae of ervice an how much traffic in each ervice ca a uer i aowe to en. In more etai, for each ource-etination (ingre-egre) noe-air, the matrix of each VPN ecifie the require banwith an it QoS arameter (i.e., en-to-en eay requirement, eay jitter). Traffic eman D, wi be aigne a route bae on it egre noe where K M, cae the eman et inex. K, C. Seection of Caniate Path Feaibe in-tree or mutioint-to-oint ath are ue in the otimization moe where a traffic eman may be aigne. The feaibe ath et P ν, can be re-comute for VPN ν an ervice ca having ifferent QoS requirement (i.e., maximum en-to-en eay requirement). A ath P i eecte from caniate in-tree ath which are anning tree roote at egre noe K an anning over a the ege noe m M or a ubet of the ege noe. Set of caniate ath can be generate by enumerating a itinctive anning tree. Agorithm to etermine thee tree can be foun in reviou wor incuing [7]. The maximum en-to-en eay requirement i tranate in to the ho-count imitation contraint. Thi contraint wi imit the ath et where ony feaibe ath are eecte from a caniate ath. D. Banwith Cacuation The banwith requirement at each in wi be etimate bae on an effective banwith cacuation [8] where the traffic arameter uch a connection ea rate an it burtine are taen into account. Two cae of ervice in a ifferentiate ervice moe are coniere incuing remium/guarantee ervice an aure ervice. ( i ) Premium Service In the remium ervice ca acet o eay an eay jitter mut be boune. The traffic of thi ca require an aboute banwith guarantee. Thu each traffic connection in thi ca i aocate a banwith equa to a ource ea rate R ea. Auming that η connection are mutiexe within one in, tota aocate banwith ( Eqv ) Eqv = η R () ea where η i erive from an invere Erang formuation uch that a grae of ervice contraint (GoS) of a connection (i.e., connection bocing robabiity - P ) i met. b η = InvErang( a, P ) () b where a i the ource utiization or an offere oa of a connection. ( ii ) Aure Service In the aure ervice ca aication are execte to have the abiity to toerate a certain amount of eay an o. For thi traffic ca a mean banwith guarantee i ony neee aong with a tatitica eay boun. In banwith cacuation, ource traffic in the aure ervice ca i aume to be characterize by it ource ea rate - R, ea utiization factor - ρ, an mean burt erio - b. In thi cae, the aocate banwith ( Eqv ) i e than η R. Eqv { m + α σ, cˆ } = min η i ea η ()
where α = n( ε ) n( π ) given m a mean bit rate, σ a variance bit rate, an ε buffer overfow robabiity. Equivaent caacity etimation for each ource ĉ i a + ( a ) + 4ρ a = R (4) cˆ i ea a where a = b B ( ρ) nε aume that B buffer ize an ε acet o ratio are nown. The number of connection η mutiexe can be foun a before from an invere Erang formuation. E. Genera Cae without Banwith Aggregation Uing a in-tree routing ath, traffic eman can be merge within the networ, thu the require banwith after the merge oint can be aocate earatey for each eman-air or mutiexe together within the ame ervice ca. The atter yie a reuction in banwith requirement eeciay for traffic in the aure ervice ca ue to a tatitica mutiexing gain. The baic formuation are given beow. The moe aume that the foowing are given: (i) in utiization factor α an the in caacity C, (ii) et of traffic eman air ν an banwith requirement B D,,, (iii) a recomute in-tree ath et correoning in ath incience matrix formuation ee to fin VPN in caacity aocation an it route X, h, i P ν, γ, U ν, h ν for a VPN in each hour erio. an a. The Formuation-I how the cae where there i no banwith aggregation. The objective of the formuation i to minimize the tota caacity cot in roviing ervice to a VPN. For each VPN, ervice ca an hour erio, contraint (5) eect ony one ath from a re-comute et of feaibe in-tree ath ening at egre noe P for each eman et. Contraint (6) (9) imoe that caacity aigne at each in mut not be greater than a utiization imit of in caacity ( α C ). Note that, in contraint (6), the caacity cacuation i one earatey for each traffic eman-air. Contraint (0) an () require that routing variabe an caacity aignment variabe mut be oitive. Thi formuation yie ifferent route aignment an caacity aocation at ifferent hour-erio. Formuation-I Minimize ψ Y X P L =, H h, S, K (5) EB ν, h, = Eqv B,T,Q γ X ν, h,, ν, h, D ν, P ν,, h H, S, K, L EB U ν, h S K, h H, L U Y ; : ν, h (6) (7) h H, L (8) Y α C L (9) X ν { 0, }, h,, h H, S, K, P Y 0 L (0) () F. Genera Cae with Banwith Aggregation. Here, we introuce a cae where banwith of variou traffic eman i aggregate at in where oibe. The aggregation ony occur within a eman et etine to the ame egre noe of a VPN. In thi cae, the objective function an contraint are imiar to reviou cae excet for contraint (6) i reace by (). The tota traffic eman route on one in i aggregate an banwith aocation i one together. Formuation-II Minimize ψ Y L (5), (7), (8), (9), (0), (), an EB = Eqv B γ X, T, Q, D P ν, :, H h, S, K, L VI. PRELIMINARY NUMERICAL STUDY () The mixe-integer formuation for the VPN eign robem, hown reviouy, have a NP-har comexity. A imifie verion of thee formuation can be erive when we ony conier traffic eman of VPN having one ervice ca an hour-erio. Thu the formuation-i can be reuce to: Formuation-III Minimize ψ Y L X = K () P
( B T Q) X Y,, γ, Eqv K D P Y α C ; : { 0, } L (4) L (5) X K, P Y 0 (6) L (7) In the ame manner, the formuation-ii can be reuce to : Formuation-IV Minimize ψ Y L (), (5), (6), (7), an Eqv B X T Q γ,,, K D P Y L (8) Obtaining a oution to robem tate in formuation-iii an IV i eaier than one in formuation-i an II. A iot tuy wa conucte by tranating formuation-iii an IV uing the AMPL moe ecrition anguage an oution i obtaine uing CPLEX 6.6 otimization over imementing a branch an boun oution technique. The networ tuie were ma networ with 8 an 0 noe with equa caacity in-cot, hown in Figure 4. The caacity of each in C wa et to C L = 000 ;, o that caacity wa not a imiting factor. Different cae are hown in Tabe. For cae-i, aymmetric oa of fixe eman wa tuie that i there wa one unit of eman from each noe to every other noe. For cae-ii, a ymmetric oa of eman wa coniere with the eman generate from a Uniform(,5) itribution. For cae-iii, an aymmetric oa of eman wa tuie with nonzero eman ony from a ubet of networ noe. The noe with nonzero eman were ranomy eecte with a ranom oa rawn from a Uniform(,5) itribution. From Tabe, one can ee that the otima oution obtaine from a in-tree eign with no banwith aggregation are not ifferent from one obtaine from a fumeh eign. It i oberve that a ath ue in a in-tree eign (with no banwith aggregation) i imy a hortetath tree. Thi i imiar to a fu-meh eign where a eman i route aong a hortet ath. In term of cot, when banwith aggregation i coniere in a in-tree eign, a cot reuction i reaize aroximatey by 0-40 ercent in a cae. Thi i becaue traffic eman may be route uing a in-tree ath that i ifferent from a hortet ath tree. Note that there i a huge ifference in the number of LSP ue between the in-tree an fu-meh eign aroache. In orer to obtain a oution to genera cae robem, where muti-ervice an muti-hour erio are coniere, an where mutie VPN ayout are imutaneouy (a) 8-noe networ (b) 0-noe networ Figure 4 : Networ uner tuy otimize, one ee to fin more efficient oution metho ue to the robem comexity. Reut from the iot tuy ugget that a heuritic metho may tart out it earch from a o-cae near-otima oution obtaine by routing eman traffic uing hortet-ath tree then ee out a better oution a it move aong a rojecte irection within a feaibe earch ace. One may ay variou heuritic technique exore in the iterature, uch a greey agorithm, imuate anneaing, or genetic agorithm, to ove thi robem. VII. CONCLUSION In thi aer we have formuate the MPLS bae mutihour VPN eign robem with an without banwith aggregation. We moee a VPN a mutie ogica in tree which reuce the number of abe witch ath an aow the oibiity of banwith aving. Same numerica reut for ifferent tuie cae how that a in-tree eign with no banwith aggregation yie the ame oution a a fu-meh eign where eman wa route aong a hortet-ath. However, when banwith aggregation i coniere in a in-tree eign, eman wa route aong a tree that i ifferent from a hortet-ath tree uch that a in caacity aignment can be maer an the tota caacity cot reuction i reaize. REFERENCES [] E. Roen, A. Viwanathan, an R. Caon, "Mutirotoco Labe Switching Architecture," RFC 0, January, 00. [] B. Davie an Y. Rehter, MPLS : technoogy an aication San Francico: Morgan Kaufmann Pubiher 000. [] D. Awuche, et a., "Requirement for Traffic Engineering Over MPLS," RFC 70, Setember, 999. [4] S. Kent an R. Atinon, "Security architecture for the Internet Protoco," RFC 40, November, 998. [5] K. M. Girih, B. Zhou, an J.-Q. Hu, "Formuation of the Traffic Engineering Probem in MPLS bae IP Networ" Proceeing ISCC 000. Fifth IEEE Symoium on Comuter an Communication., Lo Aamito CA, USA,. 4-9, 000.
[6] H. Saito, Y. Miyao, an M. Yohia, "Traffic Engineering uing Mutie mutioint-to-oint LSP" IEEE INFOCOM 000,. 894-90, March, 000. [7] N. Chritofie Grah Theory an Agorithmic Aroach, Lonon: Acaemic Pre Inc., 986. [8] R. Guerin, H. Ahmai, an M. Naghhineh, "Equivaent Caacity an It Aication to Banwith Aocationin High-See Networ" 7th ITC Seminar, Morritown, NJ, October, 990. Tooogy Otima Cot Fu-Meh Deign Simex Iteration No. of LSP Sin-Tree() Deign (w/o BW aggregation) Simex Iteration Otima Cot No. of LSP Sin-Tree() Deign (with BW aggregation) Simex Iteration Otima Cot No. of LSP Cae I : Symmetric fixe-oa 8-noe 04 54 56 04 4 8 56 47 8 0-noe 74 6 90 74 08 0 90 95 0 Cae II : Symmetric variabe-oa 8-noe 46 64 56 46 99 8 0,06 8 0-noe 56 90 56 4 0 40 4,9 0 Cae III : Aymmetric variabe-oa 8-noe 66 4 66 0 7 05 9 7 0-noe 76 5 6 7 9 565 7 Tabe : Comarion for ifferent eign cae