Skip to Main Content
Scalable deployment and management of overlay networks for collaborative groups with dynamic membership are discussed. In deploying overlay networks for such dynamic groups, unlike in pre-defined static VPN deployment, a mechanism to keep security policies in member nodes updated for membership changes and a mechanism to adaptively reconfigure a topology must be supported. However, previous approaches have scalability problems in supporting these mechanisms. We propose a scalable overlay network deployment scheme to minimize the impact of membership changes. In the scheme, the IPsec policy required for delivering packets to a destination node is resolved on an on-demand basis to eliminate the advertisement-based updates of membership changes. Our approach also provides two modes of overlay topology operation to address dynamic changes in the number of nodes. While the mesh mode eliminates a tunnel initiation/teardown behavior for membership changes, the graph mode creates a graph-structured topology reconfigurable with a constant number of initiated/torn-down tunnels for node joins/leaves. We evaluate a management server load on dynamic membership changes and show the efficient performance of our scheme for increasing the number of nodes. We also show that our topology reconfiguration algorithm provides a smaller number of initiated/torn-down tunnels for changes in the number of nodes than previous approaches.