Tunnel minimization and relay for managing virtual private networks

A virtual private network (VPN) is a private data network, that carries traffic between remote sites. One of the most popular VPN applications is the "intranet/extranet VPN", which establishes network layer connections between remote intranet sites, using various tunneling protocols, to create an IP overlay network. IPSec, which is very prevalent in the industry, is one of these tunneling protocols that not only provide encapsulation/decapsulation but encryption/decryption and hashing, However, an IPSec tunnel often fails to be established due to the management complexity. The paper proposes a new concept of authority to alleviate the management overhead by reducing the number of tunnels. The problem of tunnel minimization is first formalized under three conditions - no constraint, a tunnel path length constraint and a tunnel relay degree constraint - and is then solved using graphical models and the zero-one integer programming algorithm. The effect of tunnel minimization is also investigated, and at most 90% of the tunnels are found to be reducible in a general enterprise VPN.