Edge provisioning and fairness in VPN-Diffserv networks

Customers of virtual private networks (VPN) over differentiated services (Diffserv) infrastructure are most likely to demand not only security but also guaranteed quality of service (QoS) as there is a desire to have leased line like services. However, it is expected that they will be unable or unwilling to predict load between VPN endpoints. In this paper, we propose that customers specify their requirements as a range of quantitative services in the service level agreements (SLAs). To support such services ISPs would need to have an automated provisioning system that can logically partition the capacity at the edges to various classes (or groups) of VPNs and manage them efficiently to allow resource sharing among the groups in a dynamic and fair manner. While with edge provisioning, a certain amount of resources based on SLAs (traffic contract at edge) are allocated to VPN connections, we also need to provision the interior nodes of a transit network to meet the assurances offered at the boundaries of the network. We therefore propose a two-layered model to provision such VPN-Diffserv networks where the top layer is responsible for edge provisioning and drives the lower layer in charge of interior resource provisioning with the help of a bandwidth broker (BB). Various algorithms, with examples and analysis, are presented to provision and allocate resources dynamically at the edges for VPN connections. We have developed a prototype BB performing the required provisioning and connection admission