Optimization of Relay Placement for Scalable
Virtual Private LAN Services
Mohammad Borhani
Linköping University
Linköping, Sweden
mohammad.borhani@liu.se
Ioannis Avgouleas
Linköping University
Linköping, Sweden
ioannisavgouleas@gmail.com
Andrei Gurtov
Linköping University
Linköping, Sweden
gurtov@acm.org
ABSTRACT
Virtual Private LAN Services are becoming popular for securely connecting geographically dispersed devices to a common protected LAN network isolated from the rest of the Internet. Traditional IP routing protocols cannot provide such connectivity; thus an overlay network of encrypted HIP/IPsec tunnels can be used instead. However, the number of full-mesh tunnels between communicating devices grows exponentially with the number of devices, thereby suggesting the investigation of alternatives. The introduction of relaying, which entails selecting a subset of hub routers to retain full-mesh connectivity, allows non-hub routers, the so-called spokes, to maintain connectivity via a hub. In this work, we study the effect of relay-based routing that minimizes the number of hubs, the connection cost between spokes and hubs, the cost of connecting hubs, and the hubs' deployment cost. Additionally, we prove that this minimization problem is NP-hard and, thus, intractable for large-scale networks. Therefore, we propose an algorithm with provable guarantees that provides an approximate but efficient solution. Initial simulation results indicate a reduction by more than 90% in the memory required for routing tables at the expense of a minor increase in the tunnel path length.
CCS CONCEPTS
• Networks → Network design principles; Network Design; • Theory of computation → Discrete optimization; • Mathematics of computing → Mathematical optimization.
KEYWORDS
Virtual Private LAN Services, Routing, Host Identity Protocol, Approximation Algorithm
ACM Reference Format:
Mohammad Borhani, Ioannis Avgouleas, and Andrei Gurtov. 2022. Optimization of Relay Placement for Scalable Virtual Private LAN Services. In ACM SIGCOMM 2022 Workshop on Future of Internet Routing & Addressing (FIRA ’22), August 22, 2022, Amsterdam, Netherlands. ACM, New York, NY, USA, 7 pages. https://doi.org/10.1145/3527974.3545719
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
FIRA ’22, August 22, 2022, Amsterdam, Netherlands
©2022 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ACM ISBN 978-1-4503-9328-7/22/08.
https://doi.org/10.1145/3527974.3545719
1 INTRODUCTION
A massive number of devices with heterogeneous requirements are being connected through the Internet daily. These include smart sensors, valve controls, and traffic lights, among others. Recent studies have revealed thousands of such devices online per medium-size country, often using outdated insecure protocols such as ModBus [10]. Such devices are often hard to patch and contain known vulnerabilities that can be exploited in botnets such as Mirai. Thus, there is a clear need to hide such devices from the public Internet, while still allowing authorized connectivity for remote data management and updates.
The concept of Virtual Private LAN Services (VPLS) is based on the idea of combining islands of such devices into a single virtual local-area network using a set of encrypted tunnels [6, 11, 17]. Programmable gateways at each island intercept Address Resolution Protocol (ARP) requests targeted to other islands, and capture and encapsulate LAN packets for tunneling over the Internet. The Host Identity Protocol (HIP) offers an appropriate method to establish IPsec ESP tunnels with a base exchange, maintain them with keep-alive UPDATE messages, and gracefully close them when not needed. HIP can be viewed as one internetworking architecture aiming to implement the identifier/locator split. Furthermore, other identifier/locator separation approaches exist, such as the Locator/Identifier Separation Protocol (LISP). However, since HIP encompasses end-to-end security, mobility and multi-homing, we are primarily concerned with a seamless integration of VPLS with HIP [19].
As VPLS uses a single broadcast domain, it has multiple benefits, including low communication latency, support for legacy protocols, and cost-effective installation and maintenance, thereby reducing CAPEX and OPEX. The popularity of VPLS is encouraged by the fact that companies such as Cisco, Juniper, and Nokia are working on VPLS [2, 13, 20]. Moreover, HIP-based VPLS (HIPLS) has been successfully implemented, for example by Tempered Networks in the USA [23]. Their deployment scenarios include securely connecting several hundred buildings of a university campus, wind generators of an electrical company, and a network of ATM machines. HIPLS allows devices to communicate in a LAN-like configuration while, at the same time, being hard to reach from the Internet for an attacker trying to breach their defenses. Additionally, the increasing scale of VPLS networks gives rise to challenges such as optimal tunnel management, performance and fault-tolerance.
Maintaining a full-mesh of all-to-all gateway tunnels is inefficient, since limited ternary content-addressable memory (TCAM) constrains the number of tunnels to a few thousand per gateway. Thus, it makes sense to dynamically establish and close the tunnels based on the current traffic patterns between device islands. By utilizing the concept of relaying [14], packets can be forwarded through another gateway with an already active tunnel, thereby reducing the need to activate a new gateway router. However, added latency must be considered, as VPLS traffic is often of a real-time nature. Finally, to address the single point of failure created by using only the main tunnel, multiple existing paths with appropriate delay for fault-tolerance should be considered.

Figure 1: Memory footprint of the routing tables in an example secure HIPLS network with four PEs using: (A) full-mesh and (B) relay-based routing (the studied approach). In the latter, only the hub PEs are fully-meshed thereby realizing great memory savings for the spoke PEs at the expense of a minor increase in the tunnel path length for connecting spoke PEs.
Somewhat surprisingly, even though relaying for Multi-Protocol Label Switching (MPLS) was studied, e.g., in [1], this is the first paper to consider relaying for encrypted tunnels. This paper makes the following contributions:
• We propose and formulate the "Relay Placement Problem (RPP)" for programmable tunnel gateways to minimize the cost of activating and deploying hub and spoke routers for relay-based routing.
• We prove that RPP is NP-hard.
• We develop an approximation algorithm to offer a polynomial-time solution to the RPP problem, with a guaranteed approximation factor.
• Numerical experiments for different scenarios, including real-world topologies, demonstrate that our proposed algorithm decreases the overall amount of router memory required by more than 90% and lowers network provider costs at the expense of a minor increase in the paths traversed by packets.
The rest of the paper is organized as follows. In Section 2, we give a brief introduction to VPLS. Section 3 formulates the relay placement problem and develops an approximate but efficient algorithmic solution. Section 4 discusses the results. Last, Section 5 concludes the paper and gives directions for future works.
2 BRIEF INTRODUCTION TO VPLS
VPLS is a Layer 2 provider-provisioned VPN that allows multi-point-to-point connection between remote customer sites via a provider network. A usual VPLS deployment has multiple key components including:
• Customer Network: This is the VPLS network’s user. It is composed of numerous sites that are geographically dispersed and completely managed by the user. A global manufacturer, a national health care provider, and an energy cooperative are a few examples of VPLS users.
• Provider Network: This is the VPLS underlay network that allows tunnels to be established. The provider networks are typically Layer 3 networks that use common network protocols such as MPLS or IP.
• Provider Edge Equipment (PE): PEs are the gateways for customer network traffic and are located at the edge of the provider’s network. PEs also have a thorough understanding of the VPLS network. Tunnels are constructed between PEs.
• Customer Edge Equipment (CE): CEs are the interconnecting devices between the customer and provider networks. CEs are owned by the customer and located on the customer’s premises.
HIPLS is the secure VPLS architecture containing a logical security layer for managing VPLS security services. HIPLS offers payload encryption, secure control protocol, protection from IP attacks, and PE authentication [11, 18].
3 RELAY PLACEMENT PROBLEM (RPP)
3.1 Overview
To interconnect PEs, the provider creates a full-mesh of HIP tunnels via the IP/MPLS-based provider network. However, this reachability model forces routing tables in PEs to grow large. For the sake of illustration, we show a HIPLS network with four sites (connecting via CEs) in Figure 1. In a full-mesh setup, each PE should install four routes (prefixes) to ensure connectivity. Furthermore, the fact that each PE in a VPLS design can potentially be connected to numerous CEs increases the size of the PE routing table exponentially.
The concept of relaying can be employed to decrease the growth of entries in routing tables. The relaying strategy selects a small subset of PEs as hub nodes while retaining full-mesh reachability [14]. This allows non-hub PEs, known as spoke PEs, to reach other PEs by relaying through a specified hub PE. Relaying, as shown in Figure 1 (B), can substantially reduce the routing entries on the spoke PEs at the expense of more traffic being relayed on the provider network, which could increase latency for the customer sites.
Selecting the hub routers for relaying involves minimizing the number of hubs, as fewer hubs reduce the PE memory footprint and lower the hubs’ installation and maintenance costs. Moreover, the traffic between two spoke PEs is possibly rerouted via a hub PE over an indirect path.
Raghunath et al. [21] investigated the structure of VPNs and discovered that hub-spoke architecture is employed in VPNs. Kim et al. [14] explored the scalable routing for MPLS L3VPN as an optimization problem. Our work differs from theirs as we consider secure VPLS as our target network. Furthermore, our problem formulation takes into account various costs (for instance, spokes to hub and hub installation cost) and provides a minimum cost tree that spans the hubs.
3.2 Problem Formulation
We define the core network within the provider network to only contain hub PEs. In other words, a core network is a set of interconnected hub PEs that are the nodes responsible for relaying data. Furthermore, transferring traffic between hub PEs within the core network incurs switching costs for the network provider. The following steps are involved in deploying the relaying architecture within the HIPLS network:
• Hub PE selection: This step considers selecting a set of PEs as the hub for data transmission with the aim of minimizing the hubs’ installation and maintenance costs. Other non-hub PEs will be considered as spokes.
• Hub PE assignment: Connecting each spoke PE to its designated hub PE accomplishes this step.
• Hub link selection: The last stage entails choosing links (edges) to connect all hub PEs, with the goal of picking links that lower the total cost of connection between hub nodes.
We define the Relay Placement Problem (RPP) in HIPLS as follows: the provider network is modeled as an undirected graph $G = (V, E)$, where $V = \{PE_1, PE_2, \ldots, PE_n\}$ is the set containing all PEs in the network. $E$ denotes the set of edges (links) that connect the PEs, and $c : E \to \mathbb{Q}^{+}$ represents the cost of edges. Latency, bandwidth, and cost to use specific links are among the possible metrics for edge costs.
$\mathcal{F} \subset V$ denotes the set containing possible locations for installation of hub PEs, and spoke PEs are represented by $\mathcal{D} \subset V$. The solution to RPP considers selecting a set of active hub PEs denoted by $F$ such that $F \subset \mathcal{F}$, and then assigning each spoke PE $j$ ($j \in \mathcal{D}$) to some hub PE. Let $x_{ij}$ denote a binary variable indicating whether the spoke $j$ is connected to hub $i$. Additionally, $y_i = 1$ denotes that hub $i$ should be activated, and $d_{ij}$ is the communication cost between spoke PE $j$ and hub PE $i$ (the cost of routing concerning the edge costs connecting spoke $j$ to hub $i$). Moreover, $a_i$ denotes the cost of activating hub $i$ that is configured by the network provider, and represents deployment and maintenance cost of hubs.
Finally, the Steiner tree $T$, the tree with the minimum cost that spans all hub PEs, should be constructed to ensure the connectivity of hub PEs. We formulate RPP within the HIPLS network as:

$$(P)\quad \text{minimize} \quad \sum_{i \in F} \sum_{j \in \mathcal{D}} d_{ij} x_{ij} + N \sum_{k \in T.\mathit{edges}} c(k) + \sum_{i \in F} a_i y_i \qquad (1)$$

The term $\sum_{i \in F} a_i y_i$ in $(P)$ calculates the opening cost of hub PEs; the second term, i.e., $N \sum_{k \in T.\mathit{edges}} c(k)$, captures the Steiner cost to connect all hub PEs via the Steiner tree $T$, in which $N \geq 1$ is a parameter to represent the cost of connecting hub PEs in the core network. The connection cost between spoke PEs and hub PEs is given by $\sum_{i \in F} \sum_{j \in \mathcal{D}} d_{ij} x_{ij}$.
Problem $(P)$ is a network design problem, i.e., an NP-hard problem [5]. Although the RPP seems to be formulated easily, it is a difficult problem to solve efficiently (unless P = NP), making the exact solution intractable for medium to large networks. As a result, we provide an approximation schema for RPP, which produces solutions with reasonable running times in reality, as opposed to exact methods, which are computationally expensive.
3.3 Approximation Algorithm for RPP
Some of the most well-known NP-hard network design problems can be approximated using simple randomized algorithms [7]. A class of these algorithms, known as Sample-Augment (SA) algorithms, is based on the idea of selecting a random sample from the problem input, solving a subproblem, and finally augmenting the result with the solution to the original problem [8, 9].
We define the Sample-Augment problem for a minimization problem $\mathcal{P}$ as follows:
(1) Define $\mathcal{K} = \{1, \ldots, n\}$ as a set containing elements, and the sampling probability for the elements as $(p_1, \ldots, p_n)$.
(2) $\mathcal{P}_{sp}(K)$ is defined as the subproblem for any $K \subseteq \mathcal{K}$.
(3) For any $K \subseteq \mathcal{K}$ and solution to the previous step’s subproblem (i.e., $Sol_{sp}(K)$), the augmentation problem is defined as $\mathcal{P}_{aug}(K, Sol_{sp}(K))$.
The SA algorithm executes the following steps:
• Obtaining independent samples from $\mathcal{K}$ based on the sampling probability.
• Finding the solution to the defined subproblem and the augmented problem (for the random sample it obtained in the previous step).
• The SA algorithm outputs the aggregate solution to the subproblem and augmentation problem as the final solution.
Formulating RPP as a minimization problem yields a variation of the uncapacitated facility location problem (UFLP) and the Steiner tree problem. Without hubs connection requirements (i.e., removing the Steiner tree problem from (1)), the $(P)$ problem becomes an UFLP instance, which has been shown to be NP-hard and widely investigated in the literature.
Algorithm 1 applies a well-established approximation algorithm to obtain a good solution for the Spoke-to-Hub (SH) assignment problem, which we will introduce shortly, to choose which hub PEs to open from the list of candidate hub locations. Then, in the sampling step of Algorithm 1, each spoke PE is marked independently with probability $\beta$, and in the solution to the SH assignment problem, we activate the hub PEs to which the marked PEs are allocated. Algorithm 1 applies connection requirements on the marked PEs by using an approximated solution to the Steiner tree problem [16, 22] to link the hub PEs and extends this solution to include the open hubs (augmentation step).
Algorithm 1: Approximation Algorithm for RPP.
    $\gamma \in (0, 1]$;
    $F \leftarrow \emptyset$;
    $\beta \leftarrow \gamma / N$;
    /* Solving UFLP */
    Execute the 3-approximation algorithm for the Spokes-to-Hubs $(SH)$ Assignment problem, and obtain the solution as $H = (F_H, x_{ij})$;
    /* Sampling */
    Sample (mark) a spoke $PE^{*}$ at random;
    Sample every other non-marked spoke PE independently with probability $\beta$;
    Let $M = \{\text{set of marked PEs}\}$;
    /* Augmentation */
    for all $i' \in F_H$ if $(\{j \mid j \in \mathcal{D} \text{ and } x_{i'j} = 1\} \cap M \neq \emptyset)$ then
        $F$.add($i'$);
    end
    Execute the 2-approximated Steiner Tree $T$ on the set $M$;
    Augment $T$ by adding the shortest paths between each spoke PE $j \in M$ and its associated hub PE;
    Find a tree $T''$ which spans $F$;
    Allocate each spoke PE $j \in \mathcal{D}$ to its closest hub PE in $F$;
    return $\{F, T''\}$
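
The sample-and-augment structure of Algorithm 1 on a small graph, as an added example that is not the authors' implementation. Assumptions: a greedy UFLP heuristic stands in for the 3-approximation of [12], a minimum spanning tree over the selected hubs in the shortest-path metric stands in for the Steiner and augmentation steps, every PE counts as a demand node (an opened hub serves itself at zero cost), and the graph, costs and function names are constructed for illustration, so the approximation guarantee of the paper is not claimed for this code.

```python
import random

INF = float("inf")

def metric_closure(n, edges):
    """All-pairs shortest-path costs (Floyd-Warshall) on the undirected provider graph."""
    d = [[0 if i == j else INF for j in range(n)] for i in range(n)]
    for u, v, c in edges:
        d[u][v] = d[v][u] = min(d[u][v], c)
    for k in range(n):
        for i in range(n):
            for j in range(n):
                d[i][j] = min(d[i][j], d[i][k] + d[k][j])
    return d

def sh_greedy(d, candidates, spokes, a):
    """SH step stand-in: open hubs greedily while opening + connection cost drops.
    Assumption: this is a heuristic, not the primal-dual 3-approximation."""
    def cost(hubs):
        return sum(a[i] for i in hubs) + sum(min(d[i][j] for i in hubs) for j in spokes)
    F = [min(candidates, key=lambda i: cost([i]))]
    while True:
        rest = [i for i in candidates if i not in F]
        best = min(rest, key=lambda i: cost(F + [i]), default=None)
        if best is None or cost(F + [best]) >= cost(F):
            break
        F.append(best)
    x = {j: min(F, key=lambda i: d[i][j]) for j in spokes}   # x[j] = hub serving spoke j
    return F, x

def mst_over(d, nodes):
    """Prim's MST over `nodes` using shortest-path costs; returns (tree edges, cost)."""
    nodes = sorted(nodes)
    in_tree, tree, cost = {nodes[0]}, [], 0
    while len(in_tree) < len(nodes):
        u, v = min(((u, v) for u in in_tree for v in nodes if v not in in_tree),
                   key=lambda e: d[e[0]][e[1]])
        in_tree.add(v)
        tree.append((u, v))
        cost += d[u][v]
    return tree, cost

def relay_placement(n, edges, candidates, spokes, a, N=2, gamma=0.33, seed=0):
    """Returns the opened hubs F, a tree spanning F, the spoke assignment and objective (1)."""
    rng = random.Random(seed)
    d = metric_closure(n, edges)
    beta = gamma / N
    F_H, x = sh_greedy(d, candidates, spokes, a)              # solving UFLP
    first = rng.choice(spokes)                                # mark one spoke at random
    M = {first} | {j for j in spokes if j != first and rng.random() < beta}
    F = sorted({x[j] for j in M})                             # hubs that serve a marked PE
    tree, tree_cost = mst_over(d, F)                          # tree spanning F (stand-in)
    assign = {j: min(F, key=lambda i: d[i][j]) for j in spokes}
    total = (sum(d[assign[j]][j] for j in spokes)             # spoke-to-hub connection cost
             + N * tree_cost                                  # N * cost of the hub tree
             + sum(a[i] for i in F))                          # hub opening cost
    return {"hubs": F, "tree": tree, "assign": assign, "cost": total}

# Constructed input: two 3-PE sites joined by one expensive link; PEs 0 and 3 are hub candidates.
EDGES = [(0, 1, 1), (0, 2, 1), (3, 4, 1), (3, 5, 1), (0, 3, 10)]
OPEN_COST = {0: 2, 3: 2}

if __name__ == "__main__":
    print(relay_placement(6, EDGES, [0, 3], list(range(6)), OPEN_COST))
```

With `gamma=1.0` and `N=1` every spoke is marked, so the result is deterministic; with the defaults the opened hub set depends on which spokes the sampling step marks.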
3.4 Spokes-to-Hubs (SH) Assignment
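The problem of assigning spoke to hub PEs can be formulated as follows:

$$(SH)\quad \text{minimize} \quad \sum_{i \in F} \sum_{j \in \mathcal{D}} d_{ij} x_{ij} + \sum_{i \in F} a_i y_i \qquad (2a)$$
$$\text{subject to} \quad \sum_{i \in F} x_{ij} \geq 1, \quad j \in \mathcal{D} \qquad (2b)$$
$$x_{ij} \leq y_i, \quad j \in \mathcal{D} \text{ and } i \in F \qquad (2c)$$
$$x_{ij} \in \{0, 1\}, \quad j \in \mathcal{D} \text{ and } i \in F \qquad (2d)$$
$$y_i \in \{0, 1\}, \quad i \in F \qquad (2e)$$

Constraint (2b) forces each spoke to be assigned to at least one hub. By (2c), only active hubs should be assigned to spokes, and the last two constraints set the domain of the binary decision variables.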
3.4.1 Approximation Algorithm of Spokes-to-Hubs $(SH)$ Assignment. Since $(SH)$ is a form of the Uncapacitated Facility Location Problem (UFLP), which has been shown to be NP-hard, we used a 3-approximation algorithm based on primal-dual schema and Lagrangian relaxation to approximate its exact solution [12].
Table 1: Routing Entries for mid-size AS network with supported CEs (1-10).

        #Entries in Routing Tables for All PEs
#PEs    Full-mesh    Hub-Spoke    #Hubs
100     50100        2092         3
150     109950       3794         5
200     192800       7879         7
250     302250       9889         7
300     440100       12303        9
Theorem 1. By using the 3-approximation algorithm for the SH assignment problem, the 2-approximation for the Steiner Tree problem, and a proper choice of $\beta$ [3], Algorithm 1 is an expected 6.6-approximation algorithm for the RPP problem.
Proof. See Appendix A.
4 EVALUATION AND DISCUSSION
To evaluate the proposed algorithm’s performance, we implemented Algorithm 1 on a PC running Windows 10 (4-core 2.60 GHz CPU), equipped with 8GB of RAM. For performance evaluation, we employed various types of provider network topologies, including:
• AS Network Topology: Since VPLS can be employed in large-scale networks and there exists a demand for using VPLS across multiple Autonomous Systems (AS), we generate an AS network graph with properties stated in [4].
• Backbone Network Topology: We utilized backbone topologies from The Internet Topology Zoo [15] to evaluate the path traversal in hub-spoke.
Table 1 compares the number of routing entries installed in all PEs for full-mesh and hub-spoke. As motivated by the example in Figure 1, the total number of routing entries in full-mesh equals #PE × #routing entries of each PE, in which the latter term for each PE is calculated by summing the number of CEs in the network.
The number of routing entries for all PEs in hub-spoke is obtained by adding the routing entries installed for each spoke and hub PE in the network. The number of routing entries for a spoke PE is comprised of the number of its supported CEs plus the number of hubs to which the spoke PE is connected. Furthermore, because the hub PE should contain all of the network’s routing information, the number of routing entries in the hub PE is computed by adding all supported CEs in the network. Table 1 shows that for a random number of CEs chosen from the interval (1-10), the number of installed routing entries is significantly reduced by leveraging the hub-spoke relaying.
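
The counting model of the two paragraphs above, applied per PE, as an added example that is not the authors' evaluation code. The network (100 PEs, CE counts cycling through 1 to 10, PEs 0 to 2 as hubs, one hub per spoke), the `per_pe_budget` threshold and all function names are constructed assumptions; the per-PE view shows that the savings land on the spokes while each hub still holds the full table.

```python
def routing_entries(ce_count, hubs, spoke_hubs):
    """Per-PE routing-table sizes under the paper's counting model.

    ce_count:   {pe: number of CEs attached to that PE}
    hubs:       set of hub PEs
    spoke_hubs: {spoke pe: list of hubs the spoke is connected to}
    """
    total_ce = sum(ce_count.values())
    # Full mesh: every PE installs a route for every CE in the network.
    full_mesh = {pe: total_ce for pe in ce_count}
    # Hub-spoke: a hub keeps the whole table; a spoke keeps its own CEs
    # plus one entry per hub it is connected to.
    hub_spoke = {pe: total_ce if pe in hubs else own + len(spoke_hubs[pe])
                 for pe, own in ce_count.items()}
    return full_mesh, hub_spoke

def compare(ce_count, hubs, spoke_hubs, per_pe_budget):
    """Network-wide totals plus the PEs whose table exceeds a per-PE entry budget."""
    full, relay = routing_entries(ce_count, hubs, spoke_hubs)
    full_total, relay_total = sum(full.values()), sum(relay.values())
    return {
        "full_mesh_total": full_total,
        "hub_spoke_total": relay_total,
        "reduction": 1 - relay_total / full_total,
        "over_budget_full_mesh": sum(1 for v in full.values() if v > per_pe_budget),
        "over_budget_hub_spoke": sorted(pe for pe, v in relay.items() if v > per_pe_budget),
    }

def sample_network(n=100, hubs=(0, 1, 2)):
    """Constructed input: PE i has (i % 10) + 1 CEs; each spoke uses a single hub."""
    ce_count = {pe: pe % 10 + 1 for pe in range(n)}
    spoke_hubs = {pe: [hubs[pe % len(hubs)]] for pe in range(n) if pe not in hubs}
    return ce_count, set(hubs), spoke_hubs

if __name__ == "__main__":
    ce, hubs, spoke_hubs = sample_network()
    print(compare(ce, hubs, spoke_hubs, per_pe_budget=500))
```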
Figure 2 depicts the cost of the solution (i.e., summing the connection cost between spoke PEs and hub PEs, the opening cost of hub PEs and the cost of connecting all hub PEs in the Steiner Tree) for the proposed Algorithm 1 and random hub placement. In random hub placement, a subset of PEs is randomly chosen to be hub PEs such that the number of hubs in both approaches (Random Hub Placement and Algorithm 1) is the same. Moreover, in random hub placement, spoke PEs are randomly assigned to hubs. Figure 2 shows that Algorithm 1 generates less costly solutions for RPP than random hub placement.

Figure 2: Solution cost for Random Hub Placement vs. Algorithm 1.
Figure 3 illustrates the number of routing entries for large-scale AS networks (400 to 800 PEs) in full-mesh. Furthermore, the routing entries for hub-spoke for the same networks are depicted in Figure 4. Obviously, as the number of PEs in the network grows, the routing entries also increase. However, the increase is significantly greater with full-mesh. As a result, hub-spoke may be effectively used in large networks.
Figure 3: Routing entries for a full-mesh large-scale AS Network.
In hub-spoke data transmission, the source node transfers data to its corresponding hub. The data is then forwarded to the second hub associated with the destination PE, if necessary. Finally, the data is sent to the final PE destination through the second hub. We used the two backbone networks to evaluate the additional path taken by the hub-spoke, in which each link (edge) of the network graph is represented by the distance in kilometers between the corresponding nodes (PEs) creating that link. Furthermore, a random number of PEs is chosen to create source-destination pairings for communication. The ratio in Table 2 is the average routing cost (i.e., path length with respect to the edge cost) in hub-spoke divided by the same value for full-mesh, over several selections of random source-destination pairs. The average increase in path length in traversed distance caused by the hub-spoke design is represented by this ratio. Table 2 includes the ratio for both backbones with the 95% confidence interval reported.

Table 2: Comparison of path traversed by full-mesh vs hub-spoke.

                                Extra Path Traversed by Hub-Spoke
Network               Location  #Nodes  Ratio   Margin of Error
Backbone, Transit     US        51      1.387   1.3873 ± 0.115 (±8.26%)
Backbone, Customer    NL        50      1.536   1.5361 ± 0.0774 (±5.04%)

Figure 4: Routing entries for a hub-spoke large-scale AS Network.
In the next experiment, we used Mininet to implement HIPLS in full-mesh and hub-spoke for a network topology in the USA. We purposefully chose a geographically dispersed network graph to examine the proposed approach in the extreme hub-spoke scenarios, in which relaying can add considerable latency.¹ In Mininet, the propagation delay of the link was estimated using the distance between nodes. Figure 5 depicts the Mininet simulation results from four distinct scenarios. In hub-spoke scenarios, Algorithm 1 is given the network graph and the cost of placing a hub in the network as inputs, and the output contains the number of hubs and their locations, as well as the spokes’ associations with hubs. Comparing HIPLS (secure HIP-based VPLS) and IP connectivity (no security) shows the cost in delay one should pay to secure the VPLS network (5.553 ms more delay to secure full-mesh VPLS). Comparing HIPLS and IP connectivity in both full-mesh and hub-spoke stressed, as predicted, that offering relaying imposes an increase in path length (higher RTT delay) to decrease routing entries in PEs. For instance, HIPLS needs to endure an extra 3.685 ms delay in hub-spoke compared to full-mesh on average RTT.

¹ http://www.topology-zoo.org/maps/Compuserve.jpg

Figure 5: Mininet latency experiment for full-mesh and hub-spoke.
5 CONCLUSIONS AND FUTURE WORK
We studied the relay placement problem in the context of Virtual Private LAN Services. To our knowledge, this is the first attempt to extend the VPN relaying problem to the case of encrypted tunnels between the PE nodes with Host Identity Protocol (HIP). Although the main problem is intractable due to NP-hardness, we propose a fast approximation algorithm. Initial simulations show that it can decrease fast memory demands in PE nodes up to a hundred times with proper hub-spoke relays, compared to full tunnel mesh between PE nodes. This comes at a moderate increase in the latency, as VPLS often carries real-time traffic expecting LAN-level delays.
We currently lack accurate traffic pattern and topology data for real-world VPLS deployments. We plan to construct realistic topologies based on deployment scenarios by the Tempered company (tempered.io). One such scenario includes connecting several hundred buildings within a university campus to a VPLS. Another is connecting all wind generators within a single energy provider together. Obviously, traffic patterns can also be very different, ranging from all-to-all communication closer to a full-mesh of tunnels, up to strictly leaf devices reporting to a single server. We will use these data to improve the accuracy of our model and simulations.
ACKNOWLEDGMENT
This work was in part supported by the Excellence Center at Linköping
– Lund in Information Technology (ELLIIT) and Graduate School
in Computer Science (CUGS).
REFERENCES
[1] MohammadHossein Bateni, Alexandre Gerber, Mohammad Taghi Hajiaghayi, and Subhabrata Sen. 2009. Multi-VPN Optimization for Scalable Routing via Relaying. In INFOCOM 2009. IEEE, 2756–2760.
[2] Cisco. 2019. Cisco VPLS Project. https://www.cisco.com/c/en/us/products/ios-nx-os-software/virtual-private-lan-services-vpls
[3] Friedrich Eisenbrand, Fabrizio Grandoni, Thomas Rothvoß, and Guido Schäfer. 2008. Approximating Connected Facility Location Problems via Random Facility Sampling and Core Detouring. In Proceedings of the Nineteenth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA ’08). Society for Industrial and Applied Mathematics, USA, 1174–1183.
[4] Ahmed Elmokashfi, Amund Kvalbein, and Constantine Dovrolis. 2010. On the Scalability of BGP: The Role of Topology Growth. IEEE Journal on Selected Areas in Communications 28 (2010), 1250–1261.
[5] Michael R. Garey and David S. Johnson. 1979. Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman & Co., USA.
[6] Kuntal Gaur, Anshuman Kalla, Jyoti Grover, Mohammad Borhani, Andrei Gurtov, and Madhusanka Liyanage. 2021. A Survey of Virtual Private LAN Services (VPLS): Past, Present and Future. Computer Networks 196 (2021).
[7] Anupam Gupta, Amit Kumar, Martin Pál, and Tim Roughgarden. 2007. Approximation via Cost Sharing: Simpler and Better Approximation Algorithms for Network Design. J. ACM 54, 3 (2007).
[8] Anupam Gupta, Amit Kumar, and Tim Roughgarden. 2003. Simpler and Better Approximation Algorithms for Network Design. In Proceedings of the Thirty-Fifth Annual ACM Symposium on Theory of Computing (STOC ’03). Association for Computing Machinery, New York, NY, USA, 365–372.
[9] Anupam Gupta, Martin Pál, R. Ravi, and Amitabh Sinha. 2004. Boosted Sampling: Approximation Algorithms for Stochastic Optimization (STOC ’04). Association for Computing Machinery, New York, NY, USA, 417–426.
[10] David Hasselquist, Abhimanyu Rawat, and Andrei Gurtov. 2019. Trends and Detection Avoidance of Internet-Connected Industrial Control Systems. IEEE Access 7 (2019), 155504–155512.
[11] T Henderson, S Venema, and D Mattes. 2011. HIP-based virtual private LAN service (HIPLS). Internet Draft, IETF (2011).
[12] Kamal Jain and Vijay V. Vazirani. 2001. Approximation Algorithms for Metric Facility Location and k-Median Problems Using the Primal-Dual Schema and Lagrangian Relaxation. J. ACM 48, 2 (2001), 274–296.
[13] Juniper. 2019. Juniper Networks-VPLS. https://www.juniper.net/documentation/junos/topics/concept/vpls-security-overview.html
[14] Changhoon Kim, Alexandre Gerber, Carsten Lund, Dan Pei, and Subhabrata Sen. 2008. Scalable VPN Routing via Relaying. In Proceedings of the 2008 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS ’08). ACM, New York, NY, USA, 61–72.
[15] Simon Knight, Hung X. Nguyen, Nickolas Falkner, Rhys Bowden, and Matthew Roughan. 2011. The Internet Topology Zoo. IEEE Journal on Selected Areas in Communications 29 (2011), 1765–1775.
[16] L. Kou, George Markowsky, and L. Berman. 1981. A Fast Algorithm for Steiner Trees. Acta Informatica 15 (1981), 141–145.
[17] Madhusanka Liyanage and Andrei Gurtov. 2013. A scalable and secure VPLS architecture for provider provisioned networks. In 2013 IEEE Wireless Communications and Networking Conference (WCNC). IEEE, 1115–1120.
[18] Madhusanka Liyanage, Jude Okwuibe, Mika Ylianttila, and Andrei Gurtov. 2015. Secure Virtual Private LAN Services: An overview with performance evaluation. In 2015 IEEE International Conference on Communication Workshop (ICCW). 2231–2237.
[19] Pekka Nikander, Andrei Gurtov, and Thomas R. Henderson. 2010. Host Identity Protocol (HIP): Connectivity, Mobility, Multi-Homing, Security, and Privacy over IPv4 and IPv6 Networks. IEEE Communications Surveys Tutorials 12 (2010), 186–204.
[20] Nokia. 2019. Nokia VPLS Course. https://networks.nokia.com/src/course/virtual-private-lan-services
[21] Satish Raghunath, K. K. Ramakrishnan, Shivkumar Kalyanaraman, and Chris Chase. 2004. Measurement Based Characterization and Provisioning of IP VPNs. In Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement (IMC ’04). ACM, New York, NY, USA, 342–355.
[22] Gabriel Robins and Alexander Zelikovsky. 2005. Tighter Bounds for Graph Steiner Tree Approximation. SIAM Journal on Discrete Mathematics 19 (2005), 122–134.
[23] Tempered. 2022. Whitepaper IDN. https://www.tempered.io
A PROOFS
We need to bound the below costs:
• Cost of opening hubs
• Cost of connecting spokes to hubs
• Cost of connecting hubs through Steiner Tree
In the optimal solution, we have:
• $O^{*}$: Opening cost of hub PEs
• $C^{*}$: Connection cost between spoke PEs and hub PE
• $T^{*}$: Steiner Tree cost
Moreover, in Algorithm 1, we have:
• $O_{sh}$: Opening cost for approximation solution to SH assignment
• $C_{sh}$: Connection cost for approximation solution to SH assignment
By considering $OPT = O^{*} + C^{*} + T^{*}$, and Section 3.4 we obtain

$$O_{sh} + C_{sh} \leq 3\,OPT_{sh} \leq 3\,OPT$$

Lemma 1 [3]: By considering $\rho_{st} = 2$ as the approximation ratio for the Steiner Tree solution, the Steiner cost of $T$ in Algorithm 1 is:

$$E[T] \leq \rho_{st}\big(\beta N (1 + o(1))\, C^{*} + T^{*}\big) + \beta N (1 + o(1))\, C_{sh}$$

Lemma 2 [3]: The connection cost of $C$ in Algorithm 1 is:

$$E[C] \leq C_{sh} + 2C^{*} + \frac{T^{*}}{\beta N}$$

Now, we can obtain the expected approximation ratio for Algorithm 1 as (considering the approximation ratio for the (sh) problem as $\rho_{sh} = 3$):

$$E[\text{Solution Cost}] \leq C_{sh} + 2C^{*} + \frac{T^{*}}{\beta N} + \beta N C_{sh} + \rho_{st}(\beta N C^{*} + T^{*}) + O_{sh}$$
$$\leq \rho_{st}(\beta N C^{*} + T^{*}) + 2C^{*} + \frac{T^{*}}{\beta N} + (O_{sh} + C_{sh})(1 + \beta N)$$
$$\leq \rho_{st}(\beta N C^{*} + T^{*}) + 2C^{*} + \frac{T^{*}}{\beta N} + \rho_{sh}(O^{*} + C^{*})(1 + \beta N)$$
$$\leq 6.6\,OPT \quad \text{for } \beta = 0.33/N$$