The present disclosure relates generally to traffic engineering of connectionless virtual private network (VPN) services and, in particular, to a method of traffic engineering that can be utilized to provide a quality of service guarantee on a connectionless VPN service.
Many corporations utilize connectionless VPNs to provide communication between offices and plants that are located in different geographic locations. A VPN may be implemented in a variety of manners, including building a VPN on top of an existing asynchronous transfer mode (ATM) network and building a VPN directly over the Internet. Typically, each geographic location within a VPN includes a firewall and a network means to access the other geographic locations covered by the VPN (e.g., a tunnel between each geographic location within the VPN). A VPN may provide a connectionless or connection-oriented service. A connectionless service is often compared to a postal system and refers to a network service where each packet carries a full destination address and each packet is routed through the network independently of other packets within the network. This is contrasted with a connection-oriented service, where a requesting node establishes a connection with a receiving node, sends data via the connection and then discontinues the connection. Both types of network services, connectionless and connection-oriented, may be characterized by a quality of service (QoS) metric, or guarantee.
The basic technique for providing QoS guarantees is the allocation of network resources along the path of the service instance. Typically, the network resource allocation is summarized as the bandwidth allocation for that service on a link, or path. Bandwidth allocation is a fundamental requirement for a variety of QoS guarantees. For example, guarantees on bandwidth, latency, loss and jitter all require, at a minimum, that bandwidth can be guaranteed. This works for connection-oriented services, but has problems for connectionless services where the path must be defined on a packet-by-packet basis. There is no formally standardized solution that provides a mechanism to dimension the connectionless network. Generally, the connectionless network is considered as a “cloud” network and link bandwidths are upgraded individually as the traffic load reaches critical thresholds. QoS approaches (e.g., Differentiated Services) require dimensioning for bandwidth across the whole network because they are decoupled from the routing. In layer 3 VPNs (e.g., RFC 2547 style VPNs) the traffic between the endpoints of the VPN is restricted to a logical mesh between those endpoints. A similar approach may be utilized for layer 2 VPNs in the context of virtual private LAN service (VPLS). One approach to a QoS extension is to reserve bandwidth along each of those logical paths in the logical mesh of endpoint connections. The mesh of connections could be implemented by a variety of tunneling mechanisms such as multiprotocol label switching (MPLS), generic routing encapsulation (GRE) and Internet Protocol Security (IPsec).
A drawback to reserving bandwidth along each of the logical paths in the logical mesh is that the bandwidth reservation requirements scale with the number of endpoints. In order to guarantee bandwidth for a connectionless service, it must be possible to guarantee bandwidth between each of the endpoints, or edge nodes within the network. For example, a first edge node may have a maximum bandwidth to the network of one-hundred megabits per second (Mb/s) and it may be necessary to dimension the network such that those one-hundred Mb/s can be delivered to any other edge node in the connectionless network. One way to do this is to reserve bandwidth for each direct path between the first edge node and each other edge node. For example, if three other edge nodes exist in the network, this would require three-hundred Mb/s to be reserved through the network even though the first edge node can only send a maximum of one-hundred Mb/s. As the number of edge nodes becomes large, the amount of bandwidth required to be reserved based on each of the logical paths in the logical mesh may not be physically available on the links within the connectionless VPN.
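The scaling problem described above, worked through on a small network, as an added example that is not part of the original disclosure. The topology, node names and link capacities are constructed, and routing each logical path over the shortest physical path is an assumption.

```python
from collections import deque
from itertools import permutations

# Constructed topology: edge nodes A-D, core nodes P1/P2, capacities in Mb/s.
LINKS = {("A", "P1"): 100, ("B", "P1"): 100, ("P1", "P2"): 200,
         ("C", "P2"): 100, ("D", "P2"): 100}
EDGE_RATE = {"A": 100, "B": 100, "C": 100, "D": 100}  # max access rate per edge node


def shortest_path(src, dst):
    """Breadth-first search over the undirected links; returns the node list."""
    adj = {}
    for a, b in LINKS:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in adj[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    path = []
    while dst is not None:  # walk back from destination to source
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


def mesh_reservation():
    """Reserve each source's full access rate on every logical path of the mesh."""
    reserved = {}
    for src, dst in permutations(EDGE_RATE, 2):
        path = shortest_path(src, dst)
        for hop in zip(path, path[1:]):  # one directed hop of the physical path
            reserved[hop] = reserved.get(hop, 0) + EDGE_RATE[src]
    return reserved


def oversubscribed(reserved):
    """Directed hops whose total reservation exceeds the physical link capacity."""
    def capacity(hop):
        return LINKS[hop] if hop in LINKS else LINKS[hop[::-1]]
    return {h: (bw, capacity(h)) for h, bw in reserved.items() if bw > capacity(h)}


if __name__ == "__main__":
    for hop, (bw, cap) in sorted(oversubscribed(mesh_reservation()).items()):
        print(f"{hop[0]}->{hop[1]}: reserved {bw} Mb/s, capacity {cap} Mb/s")
```

With four edge nodes, the access link of node A carries three reservations of one-hundred Mb/s each, matching the three-hundred Mb/s figure in the text, and the shared core link carries four.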