
On-Demand Tunnel Creation Mechanism in Star VPN Topology  

Byun, Hae-Sun (Department of Computer Science, Ewha Womans University)
Lee, Mee-Jeong (Department of Computer Science, Ewha Womans University)
Abstract
In the star VPN (Virtual Private Network) topology, traffic between two communicating CPE (Customer Premise Equipment) VPN GWs (Gateways) may be transferred inefficiently. Also, the Center VPN GW may experience overload due to excessive packet processing overhead. As a solution to this problem, a direct tunnel can be established between the two communicating CPE VPN GWs using the IKE (Internet Key Exchange) mechanism of IPSec (IP Security). In this case, however, tunnel establishment and management may be complicated. In this paper, we propose a mechanism called 'SVOT (Star VPN On-demand Tunnel)', which automatically establishes a direct tunnel between the communicating CPE VPN GWs based on demand. In the SVOT scheme, each CPE VPN GW determines whether or not to establish a direct tunnel depending on the monitored traffic information. The CPE VPN GW requests from the Center VPN GW the information that is necessary to establish a direct tunnel. Through a simulation, we investigate the performance of the scheme, which performs better than the SYST scheme with respect to scalability, traffic efficiency and overhead of the Center VPN GW, while it shows similar performance to the FVST with respect to end-to-end delay and throughput.
Keywords
VPN; tunnel establishment; direct tunnel;