A packet network generally includes a number of packet switching nodes and transmission facilities between them. Two types of packet communication services are possible: connectionless and connection-oriented. A connectionless network is a type of packet-switched network in which no logical connection is required between sending and receiving stations. Each data unit or packet includes the source and destination addresses and can take any available route between source and destination. The Internet Protocol (IP) is connectionless, and packets going to the same destination may take different routes. In contrast, a connection-oriented network generally establishes a fixed association and path between a sender and a receiver. The transport service then guarantees that all data will be delivered to the other end in the same order as sent and without duplication. Communication proceeds through three well-defined phases: connection establishment, data transfer, and connection release. The most common examples include Frame Relay (FR) and Asynchronous Transfer Mode (ATM).
A VPN (virtual private network) is a managed service in which secure communication, management, and addressing, equivalent to those of a private network, are provided on a shared network infrastructure. A VPN customer is the entity that subscribes to a VPN service. A VPN user is an entity of the VPN customer that uses a packet communication service of the VPN.
For example, there are a number of VPN services that enable VPN customers to create VPNs using the Internet as the medium for transporting data. These VPN services use encryption and other security mechanisms to ensure that only authorized users can access the VPN and that the data cannot be intercepted.
VPNs can be implemented in both connectionless and connection-oriented protocols. A VPN uses “tunneling” to encrypt all information at the IP level. One problem with VPNs is that the customer is frequently unable to obtain information about the VPN network. In the case of a connectionless service, the customer and the user of a VPN see that VPN as a cloud: packets are placed into the cloud and received at the output of the cloud, but the customer and user have little visibility into what happens to a packet en route to its destination. In the case of a connection-oriented service, they see the VPN as a set of point-to-point connections. In either case, the networking aspects of the VPN are invisible. This situation fits the requirements of small and medium businesses well. However, when a carrier or even a large enterprise subscribes to a VPN service, there is value in making the internal structure of the VPN itself visible and controllable. Such large customers may want to do some or all of their VPN fault, configuration, and performance management themselves. Furthermore, a user of such a customer may want more control over, and stronger guarantees on, the assignment of bandwidth within the VPN, including visibility of the VPN topology for the purposes of routing.