Title :
Secure hierarchical Virtual Private LAN Services for provider provisioned networks
Author :
Liyanage, Mohan ; Ylianttila, Mika ; Gurtov, Andrei
Author_Institution :
Centre for Wireless Commun., Univ. of Oulu, Oulu, Finland
Abstract :
Virtual Private LAN Service (VPLS) is a widely used Layer 2 (L2) Virtual Private Network (VPN) service. Initially, VPLS architectures were proposed as flat architectures. They were used only for small and medium scale networks due to the lack of scalability. Hierarchical VPLS architectures are proposed to overcome these scalability issues. On the other hand, security is an indispensable factor of a VPLS since it delivers the private user frames via an untrusted public network. However, the existing hierarchical architectures are unable to provide a sufficient level of security for a VPLS network. In this paper, we propose a novel hierarchical VPLS architecture based on Host Identity Protocol (HIP). It provides a secure VPLS network by delivering vital security features such as authentication, confidentiality, integrity, availability, secure control protocol and robustness to known attacks. The simulations verify that our proposal provides control, forwarding and security plane scalability by reducing the number of tunnels in the network as well as the number of keys stored at a node and the network. Finally, the simulation results confirm that the control protocol of the proposed architecture is protected from IP based attacks.
Keywords :
computer network security; local area networks; protocols; virtual private networks; IP based attacks; Internet protocol; VPN service; authentication; availability; confidentiality; control plane scalability; forwarding plane scalability; hierarchical VPLS architecture; host identity protocol; integrity; local area networks; provider provisioned networks; secure VPLS network; secure control protocol; secure hierarchical virtual private LAN services; security features; security plane scalability; virtual private network service; Authentication; Cryptography; Hip; Protocols; Scalability; Virtual private networks; Host Identity Protocol; Security; Virtual Private LAN Service; Virtual Private Networks;
Conference_Title :
Communications and Network Security (CNS), 2013 IEEE Conference on
Conference_Location :
National Harbor, MD
DOI :
10.1109/CNS.2013.6682712