Improving the tunnel management performance of secure VPLS architectures with SDN

Secure VPLS (Virtual Private LAN Services) networks are becoming attractive in many Enterprise applications. However, the tunnel establishment mechanisms of legacy VPLS architectures are static, complex and inflexible in nature. As a result, secure VPLS architectures are suffering from limitations such as the limited scalability, over utilization of network resources, high tunnel establishment delay and high operational cost. In this article, we propose a novel SDN (Software Defined Networking) based VPLS (Virtual Private LAN Services) architecture to overcome tunnel management limitations in existing secure VPLS architectures. The proposed architecture utilizes IPsec enabled OpenFlow switches as PEs (Provider Edge Equipments) and OpenFlow protocol to install flow rules in PEs. A centralized controller is used to manage the tunnel establishment functions. We also propose a novel tunnel management mechanism which can estimate the tunnel duration based on real time session characteristics. Moreover, a novel tunnel resumption mechanism is proposed to reduce the tunnel establishment delay of subsequent tunnel establishments. Finally, the performance of proposed architecture is analyzed by using a simulation model and a testbed implementation.