Scalable overlay network deployment for dynamic collaborative groups

Scalable deployment and management of overlay networks for collaborative groups with dynamic membership are discussed. In deploying overlay networks for such dynamic groups, unlike in pre-defined static VPN deployment, a mechanism to keep security policies in member nodes updated for membership changes and a mechanism to adaptively reconfigure a topology must be supported. However, previous approaches have scalability problems in supporting these mechanisms. We propose a scalable overlay network deployment scheme to minimize the impact of membership changes. In the scheme, the IPsec policy required for delivering packets to a destination node is resolved on an on-demand basis to eliminate the advertisement-based updates of membership changes. Our approach also provides two modes of overlay topology operation to address dynamic changes in the number of nodes. While the mesh mode eliminates a tunnel initiation/teardown behavior for membership changes, the graph mode creates a graph-structured topology reconfigurable with a constant number of initiated/torn-down tunnels for node joins/leaves. We evaluate a management server load on dynamic membership changes and show the efficient performance of our scheme for increasing the number of nodes. We also show that our topology reconfiguration algorithm provides a smaller number of initiated/torn-down tunnels for changes in the number of nodes than previous approaches.