Ring-Based Virtual Private Network Supporting a Large Number of VPNs

This paper proposes a simple but effective VPN mechanism called RING-VPN (Ring-based Virtual Private Network) that realizes a high scalability in terms of the number of VPNs. The key idea of the RING-VPN is to logically connect nodes in a ring topology for minimizing the number of IPsec tunnels. In the RING-VPN, each VPN node operates autonomously, making VPNs robust even in case of node and/or link failures. It also quantitatively evaluates the performance of the RING-VPN using mathematical analysis. This paper derives several important performance metrics of RING-VPN, such as VPN construction time, and VPN recovery time, as well as user-level performance metrics, such as minimum TCP throughput, roundtrip time and packet loss probability.