[e2e] How can the VPN service level agreement be enforced crossing ASs?

[Yingfei Dong]

hi, there,

I have a question about the implementation of VPN across different ASs.
How can the VPN service level agreement be enforced crossing ASs?
(If this is not the right list to post this question, please let me where
I need post this. Thanks.)

The service guarantee in a single domain is not too difficult to achieve.
However, if a src and a des of a VPN pipe are in two different ASs, how
the VPN is implemented? We can buy bandwidth guarantee from two
ISPs, but how to connect the two separarted pipe as a whole VPN pipe at
the edge of ASs?

The whole VPN pipe either crosses a NAP or goes through a private peering
link between the two ASs. If it crosses a NAP, there is no control for the
VPN pipe at the NAP. If it crosses a private peering link, are there some
service agreements (e.g., bandwidth provision) on the private peering link
between two ISPs?  (Most likely, the agreement is only about reachibility
through BGP policies.) If no service provision on the peering link, the
SLA of the VPN pipe is broken at the link.

So, it is not clear how the SLA of a crossing-domian VPN is achieved
Could anyone point out some references about this?

One possible example I know is InterNAP, but they don't give any details
about their implementation.
InterNAP sets up service agreements with ISPs and builds their own Private
NAPs. They claim that using their Private NAPs (which run their
intelligent optimzed routing algorithms) can direct the traffic to
a proper AS to achieve certain service quality.
How to implement the private NAPs is very interesting.

Looking forward to your comments or references. thanks a lot,


yingfei

===================================================
Yingfei Dong
Ph.D student, U of Minnesota,
4-192 EECS Building,
200 Union Street, SE            Tel: 612-626-7526
Minneapolis, MN 55455           FAX: 612-625-0572
===================================================