One of the major trends in the evolution of current corporate networking is an increasing need for high-performance, long-distance communications. Provided as an alternative to leased-line networks, virtual private networks (VPNs) are gaining increasing acceptance among customers and network providers by providing corporate networking between geographically dispersed customer premises based on a shared public switched network infrastructure. As a contribution towards this evolution, the present thesis proposes a generic object-oriented architecture for open distributed VPN services, integrating service and management issues throughout the modeling process. The aim of this VPN architecture is not only to provide a descriptive model of VPNs but also to illustrate possible ways of operating on that model to solve VPN-related service or management issues. The architecture proposed is generic in the sense that, firstly, it is network-technology independent and, secondly, it captures the fundamental characteristics common to all VPNs. This latter aspect is very important as, due to the lack of standardization in this area, current VPNs are more marketable products than well-defined telecommunications services. The notion of distribution is also very important, as telecommunications systems in general, and VPNs in particular, are intrinsically distributed. Indeed, a VPN can be seen as a distributed application running on the multiple nodes of telecommunications networks. To deal effectively with this de facto distribution and to make the best use of the benefits it can provide, the VPN service and management services have been conceived from the very beginning as distributed applications. For this purpose, and due to the lack of satisfactory existing solutions in this area, an object-oriented method for the specification and design of open distributed telecommunications and management services has been developed.
The proposed method combines the ODP (Open Distributed Processing) concepts and structuring rules with the systematic development process advocated by an object-oriented software engineering method called Fusion. This method provides an architectural framework and a seamless thread from problem definition to the realization of the distributed telecommunications system, based on hierarchically related abstraction levels. Mapping rules, guidelines and notations are proposed on how and when enterprise, information and computational models should be built, in particular on the basis of models produced at a higher abstraction level. The method has then been applied to the specification of the generic VPN architecture itself. In the enterprise viewpoint, the scope of the VPN service has been refined and limited to the provision, within the public domain boundary, of internetworking services between customer premises networks. The main actors involved in using, providing and managing the VPN service have been described, as well as the interactions between them. Based
Dimitrios Kyritsis, Jinzhi Lu, Xiaochen Zheng