As is generally known, a virtual private network (VPN) enables the use of a shared or public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to an organization's network. VPNs have become a popular alternative to systems of privately owned or leased lines that can only be used by one organization. A VPN operates over the shared or public infrastructure by maintaining privacy through security procedures and tunneling protocols, such as the IPsec (IP security) protocol. By encrypting data at a sending end, and decrypting it at a receiving end, the VPN sends data through a secure “tunnel” that can only be “entered” by data that has been properly encrypted.
Today's Internet Service Providers (ISPs) provide a variety of services to individuals and companies involving access to the Internet. These services include providing VPNs traversing the Internet. Many ISP customers currently use ISP-provided VPNs to minimize their internal IS (Information Services) costs. These services are called Network-based VPN services. Such services may be based on either the VR (Virtual Router) model, or the BGP/MPLS (Border Gateway Protocol/MultiProtocol Label Switching) model, also referred to as the VRF model. However, a problem exists in that the current metrics for charging ISP customers for VPN services do not accurately reflect the actual utilization of ISP-controlled resources. This problem is accentuated by the fact that routes carrying VPNs may be either statically defined, using a constant set of allocated resources, or dynamically defined, allocating resources on an as-needed basis. Additionally, ISP customers may desire to limit, and/or be accurately informed about, the utilization of VPN-related resources, especially when charges for VPN services are tied to actual resource utilization. Moreover, both VPN customers and ISPs are interested in preventing attacks, for example by disgruntled employees, that may be carried out by flooding the ISP infrastructure with unauthorized resource requests associated with a customer's VPN.
For the above reasons and others, it would be desirable to have a new system for managing resources used by VPNs, such as VPNs provided through Network-based VPN services, including VPNs based on the VR (Virtual Router) model, or the BGP/MPLS (Border Gateway Protocol/MultiProtocol Label Switching) or VRF model. The system should accurately monitor and/or control the resources used by VPNs provided by a service provider such as an ISP. The system should further be operable to prevent attacks that are aimed at flooding a service provider network infrastructure with unauthorized resource requests.