Inter-Domain Path Provisioning with Security Features: Architecture and Signaling Performance

Significant research and standardization efforts are underway to enable automated computation and reservation of connection-oriented paths (circuits) across multiple domains. In the absence of a secure authentication and authorization mechanism, however, carriers continue to provision connections manually, which leads to large setup delays and increases possibility of configuration errors. Carriers also lack mechanisms to meter connection quality during the service lifetime and typically do not exchange accounting information for established connections for auditing and billing purposes. In this paper, we address the challenge for automatic multi-domain path provisioning with authentication, authorization and accounting (AAA) capabilities in carrier-grade transport networks. The designed solution secures computation and reservation for path provisioning and also leverages a standard accounting model which incorporates the accounting signaling for an inter-domain connection. In order to evaluate the impact of the proposed framework on signaling performance, we also provide an analytical framework scalable to large inter-domain network scenarios. We verify the analysis using event-driven simulations and then use this analytical model to quantify the feasibility of our model in terms of signaling load and signaling delay for a wide range of network scenarios.