Optimization of relay placement for scalable virtual private LAN services

Abstract

Virtual Private LAN Services are becoming popular for securely connecting geographically dispersed devices to a common protected LAN network isolated from the rest of the Internet. Traditional IP routing protocols cannot provide such connectivity; thus an overlay network of encrypted HIP/IPsec tunnels can be used instead. However, the number of full-mesh tunnels between communicating devices grows exponentially to the number of devices thereby suggesting the investigation of alternatives. The introduction of relaying, which entails selecting a subset of hub routers to retain full-mesh connectivity, allows non-hub routers, the so-called spokes, to maintain connectivity via a hub. In this work, we study the effect of relay-based routing that minimizes the number of hubs, the connection cost between spokes and hubs, the cost of connecting hubs, and the hubs deployment cost. Additionally, we prove that this minimization problem is NP-hard and, thus, intractable for large scale networks. Therefore, we propose an algorithm with provable guarantees that provides an approximate but efficient solution. Initial simulation results indicate a reduction by more than 90% in the memory required for routing tables at the expense of a minor increase in the tunnel path length.