TOPOLOGICAL DESIGN OF MULTIPLE VPNS OVER MPLS NETWORK Anotai Sriitja David Tier Det. of Information Science and Teecommunications University of Pittsburgh N. Beefied Avenue, Pittsburgh, PA 60 ABSTRACT With the deoyment of MPLS over a core IP bacbone, it is ossibe for a service rovider to buit Virtua Private Networs (VPNs) suorting various casses of services with QoS guarantees. Efficienty maing a ogica ayout of VPNs over a service rovider networ is an imortant traffic engineering rocedure. The use of sin-tree (mutioint-to-oint) routing aths in a MPLS networ maes the VPN design robem different from traditiona design aroaches where a fu-mesh of oint-to-oint aths often is the choice. Cear benefits of using sin-tree aths are reduction in the number of abe switch aths and bandwidth saving due to arger granuarities of bandwidth aggregation within the networ. In this aer, the VPN design over MPLS, using sin-tree routing, is formuated as a mixed integer rogramming robem to simutaneousy find otima VPNs ogica tooogies and their dimensions to carry muti-service, muti-hour VPNs traffic from various customers. The mode exoits a recomuted set of sin-tree aths over which VPNs traffic is routed in a MPLS networ. It is ceary shown that such a robem formuation yieds a NP-hard comexity. Here, we roose tree seection heuristics aiming to scae the VPN design robem by choosing a sma-but-good candidate set of feasibe sin-tree aths. Numerica resuts are given showing the advantages of the roosed aroach. INTRODUCTION Virtua Private Networs (VPNs) rovide a rivate and dedicated environment over a shared rivate or ubic networ infrastructure. The deoyment of QoS-based VPNs suorting integrated services for voice, data and video aications over a ubic Internet is economicay aeaing since it aows a high-seed access with erformance and Quaity of Service (QoS) guarantees. MutiProtoco Labe Switching (MPLS) [,] with traffic engineering caabiity aows QoS-based VPNs to be efficienty buit on to of IP networ architecture. To guarantee erformance to VPN service a service rovider has to be concerned with caacity rovisioning and routing coexisting VPNs having different service casses and tooogies over the same networ infrastructure. Generay, a we designed VPN must be easy to manage whie maintaining bandwidth efficiency. Over a MPLS networ, this imies that the number of abe switched aths (LSPs) and required abes must be et sma. In term of caacity efficiency, different granuarities of traffic aggregation may be considered, for exame, aggregation of traffic from different VPNs within the same Casses of Service (CoS), aggregation of traffic from same VPNs exiting at the same egress router, etc. Traditionay, VPNs over a connection-oriented networ such a circuit-switched or an ATM networ, are often viewed as a ogica fu-mesh networ with oint-to-oint demand between node airs. More secificay, in a ogica fu-mesh tooogy, each demand air is indeendenty given a ogica in which is a oint-to-oint ath going through mutie switched-oints. In MPLS networ however, a route can be a oint-to-oint ath as we as a mutioint-to-oint ath or a sin-tree ath ending at an egress router. This attribute maes the VPN design robem different from those in traditiona connectionoriented networs. Exoiting sin-tree ath traffic demand can be merged/aggregated not ony at the edge router where the traffic demand enters the networ but at the core router inside the networ. Overa, the use of sintree aths not ony reduces the number of abe switch aths but romotes the bandwidth aggregation within the networ, thu aowing the ossibiity of bandwidth savings. In this manner, traffic of different VPNs with the same QoS requirement may/may not be carried on the same routing tree and may/may not share a ortion of networ bandwidth. A big question is how to construct a tree and how to incororate it in the networ design mode.
Ony recenty has wor aeared on otimization modes to sove traffic engineering robems over MPLS networs. In [], authors rovided integer rogramming formuations for fow assignment robem given a set of oint-to-oint LSPs and it can be extended to sove a caacity anning robem. However, severa trivia assumtions are made incuding : one-to-one reationshi between traffic truns and LSP no aggregation, deaggregation and merging of LSPs. Sato et a. [] roosed the use of mutioint-to-oint LSPs in fow assignment robem. A set of re-seected LSPs is forced to incude at east two routes which do not share any singe node to each ingress/egress node. The otimization mode aims to minimize the maximum in oad without considering cost of in caacity. Reaizing a sin-tree routing ath, this aer rooses a mathematica formuation for the robem of VPN design in order to simutaneousy find otima ogica tooogies of mutie VPNs and their dimensions over a service rovider IP/MPLS core networ. The roosed mode incororates muti-service, muti-hour design with the objective in minimizing tota caacity cost. The recomuted set of candidate sin-tree aths (mutioint-tooint aths) wi be used in the mode to determine a route assignment for VPNs traffic. In this aer, we have deveoed the roosed design mode and comared it against a fu-mesh design. However, the otima soution can not be obtained within a reasonabe time due to the comexity of the robem. Therefore, a tree seection heuristics is deveoed aiming to scae the VPN design robem by choosing a sma-but-good candidate set of feasibe sin-tree aths. Numerica resuts show the advantages of the roosed aroach. SINK-TREE LSP PATH As reviousy mentioned, a abe switched ath (LSP) in MPLS can be a mutioint-to-oint ath referred to here as a sin-tree ath. One cear benefit of using a mutioint-tooint ath is its scaabiity since fewer LSPs must be created as comared to using a oint-to-oint ath between each demand air. This aso resuts in a smaer number of forwarding abes needed at each MPLS router and thus maes it simer to manage for a medium to arge networ. For exame, aying a fu-mesh design, where there are oint-to-oint aths between a node-air to a N node networ, the tota number of LSPs required is N ( N ). However, this number can be reduced to N using a sintree design. Figure disays a fu-mesh versus sin-tree design for a -node VPN over an 8-node MPLS networ. Assume that there is a directiona demand of one unit between -node airs in the VPN networ and each in in the MPLS networ has one unit cost. A fu-mesh design requires 6 LSPs comared to LSPs in sin-tree design. Both designs use the same ins in MPLS networ. However, the first yieds a unit cost of whie, in the atter, the cost is reduced to. The cost saving resuts from the caacity efficiency gain attained when traffic is merged in a sin-tree design. MPLS-VPN DESIGN MODELS Given a networ tooogy, node ocation and in caacity, an otimization mode is formuated for VPN design over MPLS networ. A hysica networ is reresented by a grah G ( N, L, C) where N, L, C is a set of node ins and in caacities resectivey. M ( M N ) is the set of edge nodes (edge routers) where there is a demand traffic entering or exiting. Thu N M reresents the set of core nodes (core routers). The comete notation of the formuation is given beow. For each in L, utiization factor α imits the roortion of the in caacity C to be aocated for a VPNs traffic. This utiization factor may be used to rotect certain ins from being overy subscribed or subjected to otentia congestion. For exame, a smaer vaue of α may be assigned to ins connecting to core-routers than ones connecting to edge-routers. Here, the comete matrix of VPNs traffic demand is assumed to be given. For each source-destination (ingress-egress) node-air, the matrix of each VPN secifies the required bandwidth and its QoS arameters (i.e., end-to-end deay requirement and acet oss robabiity). In the mode, traffic demand D ν, wi be assigned a route based on its egress node where K M, caed the demand set index. 6 Overay VPN Networ 6 Service Provider MPLS Networ (a) Fu-Mesh Design Service Provider MPLS Networ (b) Sin-tree Design Figure. Fu-mesh versus sin-tree design K,
A. Notation α Maximum utiization factor of in L K Demand set index, K M P s ν, Set of feasibe sin-trees ending at node N sanning a nodes m M of service cass s S of VPN D ν, Set of oint-to-oint demand airs in demand set K of service cass s S of VPN B d, h, d D, Bandwidth requirement of demand air ν of service cass s S of VPN during houreriod h H Sizing (tooogy) variabe caacity assigned to VPN traffic on in L Y ψ Cost of a caacity on in L U, h ν Caacity at in L aocated to VPN ν V during hour-eriod h H X Demand-ath routing decision variabes ν, = if ath P s is used for demand set K of service cass s S of VPN during hour eriod h H = 0 otherwise, d γ Lin ath incidence matrix = if demand air d Dν, of set K that uses ath P is directed using in L = 0 otherwise EB ν Estimated BW requirement of a demand tye, h, K on in L of service cass s S of VPN during hour-eriod h H ( B, Ts Qs ) Equivaent bandwidth of traffic in service cass s S with requirement of bandwidth B (with traffic descritor T s and quaity of service requirement Eqv, Q s ) B. Bandwidth Cacuation The bandwidth requirements at each in wi be estimated based on an effective bandwidth cacuation [] where traffic arameters such as connection ea rate and its burstiness are taen into account. Two casses of services in a differentiated service mode are considered incuding remium/guaranteed service and assured service. In the remium service cas aications require an absoute bandwidth guarantee. Thus each traffic connection in this cass is aocated a bandwidth equa to a source ea rate R. Assuming that η connections are mutiexed within one in, the tota aocated bandwidth is Eqv = η R ea () where η is derived from an inverse Erang formuation such that a grade of service constraint (GoS) of the connection (i.e., connection bocing robabiity - P b ) is met. When a is the source utiization or an offered oad of a connection, η = InvErang ( a, Pb ) () In the assured service cas aications are exected to have the abiity to toerate a certain amount of deay and oss. For this traffic cas a mean bandwidth guarantee is sufficient aong with a statistica deay bound. In bandwidth cacuation, source traffic in the assured service cass is assumed to be characterized by its source ea rate - R, utiization factor - ρ, and mean burst eriod - b. In this case, the aocated bandwidth may be ess than η R. Eqv = min { η m + α σ, η ci ˆ } () where α = n( ε ) n( π ) given m a mean bit rate, σ a variance bit rate, and ε buffer overfow robabiity. Equivaent caacity estimation for each source ĉ i is α b( R B + c ˆi = ( α b( B) R α b( + Bα bρ ( R () where a = n( /ε ), assuming that B buffer size and ε acet oss ratio are nown. The number of connections η mutiexed can be found as before from an inverse Erang formuation. C. VPNs Design Formuation The robem of muti-hour VPNs design can be formuated as VPWBA mode shown beow. The formuation simutaneousy sees to find VPN in caacity aocation U ν, and route assignment X for h a VPNs eriodicay every hour. Using a recomuted sin-tree routing ath, traffic demand can be merged within the networ, thus the required bandwidth after the merged oint can be aocated by aggregated bandwidth of mutiexed traffic within the same service cass. VPWBA : Minimize ψ Y Subject to : P L X =, h H, s S, K () EB = Eqv B d γ X, T Q s s, d, d Dν, P
, H U EB ν, h s S K h, s S, K, L U Y h ν,, H (6) h, L (7) h H, L (8) Y α C L (9) X { 0,}, h H, s S, K, P (0) Y 0 L () The objective of the formuation is to minimize the tota caacity cost in aocating networ bandwidth to a VPNs. For each VPN, service cas and hour eriod, constraint () seects ony one ath from a re-comuted set of feasibe sin-tree aths ending at egress node P for each demand set. Constraints (6) (9) imose that caacity assigned at each in is not greater than a utiization imit of in caacity ( α C ). Note that, in constraint (6), the caacity is aocated for aggregated traffic within a demand set destined to the same egress node of a VPN. Constraints (0) and () require that routing variabes and caacity assignment variabes are ositive. This formuation yieds different route assignment and caacity aocation at different hour-eriods. TREE SELECTION HEURISTICS The VPN design mode for MPLS, where a routing ath is a sin-tree, often invoves enumerating a set of a ossibe routing tree aths. For exame, if a set of candidate tree aths incudes a distinct trees sanning over a node the ath set can be as arge as N N for an N-node networ [6]. One can easiy see that the robem size (e.g. the number of technica variabes) grows exonentiay with the number of nodes. Therefore, standard aroaches for soving such robems are difficut and sometimes rohibitive due to the comexity of the robem. In order to obtain a soution for a reaistic-size networ within a feasibe amount of time, tree seection heuristics is roosed to imit the set of candidate sin-tree aths to be searched over. In our extensive study, numerica resuts obtained from the VPWBA robem revea atterns of otima soution showing that otima trees agree on using ess number of ins when ossibe. Beside a arge demand is routed through the shortest ossibe route when caacity cost can be justified over a sanning tree route. Nonethees a sma demand may be routed through a onger ho on a sin-tree route when traffic aggregation yieds savings in bandwidth. These findings give us some guideines in choosing candidate tree aths. Tyicay, in the oint-tooint routing ath, the size of recomuted ath sets can be reduced by imosing a ho-count imitation. However, both ho-count and the number of ins in a tree are critica factors in seecting a good candidate set of trees. By imosing the ho-count constraint, we simy avoid choosing singe-branch trees which may introduce an undesirabe deay vioation. In genera, choosing a tree having ess number of ins wi romote bandwidth sharing at as many common ins as ossibe. Thu in the roosed ath seection heuristic the agorithm wi start by enumerating distinct trees sanning over a edge routers that satisfy a ho imitation constraint and raning them based on the number of ins used in each candidate tree. Then, ony a fixed number of candidate sin-tree aths wi be chosen for an otimization rocedure. Essentiay, trees having ess number of ins are referred. NUMERICAL RESULTS Bacbone networs under study have 0 and MPLS routers (shown in Figure and ) where 7 and 0 of those are edge-routers resectivey. Each in has an OC- caacity of 6 Mbs. Traffic from VPNs is assumed to be symmetric with a demand varied uniformy within {0,,0,,0} T rate. Characteristics of traffic source are assumed to be nown ( R =00 Kb b =00 msec, ρ =0.). Caacity wi be aocated for each traffic sources such that the connection bocing robabiity at the edge router wi not exceed 0 -. The VPNs design robem is soved by using AMPL with CPLEX 7. InP sover imementing branch and bound soution technique. Same resuts shown in Tabe comare a fu-mesh design versus the roosed design mode. By utiizing sin-tree aths in the design, a cost can be reduced aroximatey by 0 ercent. It is aso shown that the otima sin-tree aths tend to share many ins in common as reviousy mentioned. Next, the study of the roosed ath seection heuristics is conducted. Figure iustrates the otima caacity cost and comutationa time obtained using different sizes of recomuted-ath sets for a 0-node networ. In this case, the true otima soution can be best aroximated with 80 sin-tree aths and taes 00 seconds of comutationa time. It is ceary shown that the roosed heuristics ath seection agorithm can argey reduce the candidate set of sin-tree aths to be searched over and aows the otima soution to be obtained quicy. The effect of imosing different vaues of ho imitation in the heuristics ath seection is shown in Figure. The ho-count imit of 7 and 0 are used for a comarison. With a ho-count imitation of 7, the obtained soution wi converge faster to the true otima soution using a smaer set of candidate aths.
This imies that choosing the right vaue for ho-count imitation in the heuristic ath seection agorithm can affect the goodness of candidate sin-tree aths. CONCLUSIONS In this aer, we have formuated the MPLS based mutihour VPNs design robem considering sin-tree routing ath where traffic aggregation is ossibe. The mode aims to simutaneousy find otima ayouts of mutie VPNs so as to minimize the tota caacity cost whie satisfying QoS requirements. A recomuted set of candidate sintree ath is used in the formuation to be searched over. Such a robem ceary yieds an NP-hard comexity; therefore, a heuristics ath seection agorithm is roosed to choose ony a sma-but-good set of candidate aths to be fed to an otimization mode. The numerica resuts show that the roosed agorithm can reduce comutationa time significanty. Figure.Networ with 0 routers and ins REFERENCES [] E. Rosen, A. Viswanathan, and R. Caon, "Mutirotoco Labe Switching Architecture," RFC 0, January, 00. [] D. Awduche, et a., "Requirements for Traffic Engineering Over MPLS," RFC 70, Setember, 999. [] K. M. Girish, B. Zhou, and J.-Q. Hu, "Formuation of the Traffic Engineering Probems in MPLS based IP Networ" Proceedings ISCC 000. Fifth IEEE Symosium on Comuters and Communications., Los Aamito CA, USA,. -9, 000. [] H. Saito, Y. Miyao, and M. Yoshida, "Traffic Engineering using Mutie mutioint-to-oint LSP" IEEE INFOCOM 000,. 89-90, March, 000. [] R. Guerin, H. Ahmadi, and M. Naghshineh, "Equivaent Caacity and Its Aication to Bandwidth Aocation in High-Seed Networ" 7th ITC Seminar, Morristown, NJ, October, 990. [6] N. Christofide Grah Theory and Agorithmic Aroach, London: Academic Press Inc., 986. Tota Cost (unit) Figure. Networ with routers and ins 8000 7800 7600 700 700 Tooogy design of VPNs over 0-node Networ otima soution execution time 7000 0 0 00 0 00 0 00 0 00 0 Number of candidate sin-tree aths Figure. Performance of heuristics ath seection. 600 Tooogy design of VPNs over -node Networ 00 000 00 000 00 CPU Time (sec) Point-to-Point LSPs Sin-Tree LSPs Nodes Cost # Labe / # ins used Cost # Labes / # ins used # LSPs Avg. ( Max ) #LSPs Avg. ( Max ) Symmetric Demand 0 8 0 / 7 6. ( 8 ) 7 / 6.0 ( 8 ) 787 0 / 87.79 ( 8 ) 698 /.67 ( 8 ) Asymmetric Demand 0 70 0 /.67 ( 8 ) 67 /.6 ( 7 ) 67 80 / 6.6 ( 8 ) 08 0 /0. ( 7 ) Tota cost (unit) 600 600 6000 900 800 700 600 Ho-Limit = 0 Ho-Limit = 7 Tabe. Point-to-oint and sin-tree LSPs comarison 00 00 0 00 000 00 000 00 000 00 000 00 000 Number of candidate sin-tree aths Figure. Effect of ho-imit to heuristics ath seection.