Internet Protocol (IP) Virtual Private Networks (VPNs) are overlaid on top of public IP networks to provide connectivity between geographically dispersed locations in lieu of connections owned or leased exclusively for a private network. They allow businesses to connect branch offices, telecommuters, field representatives, and partners or suppliers to a central location using the Internet or an Internet Service Provider's (ISP's) public, shared IP network to securely transmit private data. IP VPNs can also consist of specifically defined groups of end users who use the Internet or an ISP's public, shared IP network to securely transmit private data. The most common forms of IP VPNs are intranet VPNs, remote access VPNs (or dial VPNs), and extranet VPNs. IP VPNs have all the characteristics of a private network even though they use a shared public infrastructure, and are offered by ISPs to business customers who want the efficiencies of a public network but also the security of a private network. IP VPNs aim to provide the reliability, performance, quality of service, and security of traditional WAN environments using less costly and more flexible ISP facilities.
The IP VPN solutions available today are cost effective because they are implemented on a shared network infrastructure. IP VPNs eliminate expensive leased line connections and long-distance dial-ups, reduce administrative overhead, and provide the flexibility needed to meet ever-changing network requirements. Extranet VPNs in particular offer clear cost and security benefits over the alternatives.
Today's Internet Service Provider (ISP) network architecture supports access to the Internet for dedicated, remote, and mobile access users and provides the foundation for current IP VPN service offerings. In a typical ISP network architecture, such as the one depicted in FIG. 1, dedicated access customers (36) use an access router (35) to connect to the ISP's network (10) by means of low-speed access networks (30), for example private line T-1, frame relay, xDSL and the like. Remote users (37) connect to the ISP by means of the PSTN, and mobile users (38) connect to the ISP by means of a wireless network; both of these are low-speed access networks. Edge routers (25) provide access to the ISP's core network. The ISP connects to the Internet (20), or to other ISPs, by means of peering routers (15). Servers (40-60) sitting in the ISP's Network Operations Center (NOC) or Data Center provide authentication, authorization, and accounting functions. Servers providing additional IP services, such as DHCP address assignment, DNS name resolution, web hosting and the like, also reside in the ISP's Data Center.
Traditionally, IP VPNs are statically provisioned by an ISP's Network Operations Center (NOC) personnel, at which time customers specify the IP VPN's topology, user membership, and security levels. Creating or deleting an IP VPN, or changing its topology or security parameters, requires a call by the subscriber to their ISP, whose personnel perform the IP VPN management. This process incurs a provisioning delay and limits the revenue that the ISP could otherwise generate.
New generations of advanced IP applications are emerging that require the specific levels of QoS, access restrictions, data integrity, and group confidentiality that an IP VPN service can offer. These applications may be used for limited, pre-determined times by large and dynamic bases of subscribers. However, the concept of a limited-time IP VPN service, as well as an IP VPN service automatically being made available at a certain time, cannot be implemented using current networking technologies. Therefore, ISP network resources dedicated to the IP VPN service sit idle when the IP VPN is not in use.