Evaluation and Optimization of Virtual Private
Network Operation Quality
V. A. Babkin
Mobile Telesystems PJSC
Moscow, Russia
fispol@mail.ru
Abstract — For communication services imposed on top of
the disparate data transmission technologies assembled into a
single system, the issues of comprehensive assessment of the
quality of collaboration of such heterogeneous technologies
within the framework of ensuring the quality of a unified
communication service are not fully developed. The solution of
this issue will ensure the overall quality of the service provided
with the ability to localize the problem network segment and
identify the causes of possible deterioration in the quality of the
service provided.
Keywords— virtual private network, accessibility, quality
indicators.
I. INTRODUCTION
In the market of communication services for providing
data transfer between remote divisions of commercial
companies or state / municipal structures, a service called the
Virtual Private Network (VPN) is required [1]. The key
feature of this service is the creation of a virtual tunnel in the
carrier’s network between the points of connection of client
network devices installed in various client departments to the
carrier’s network. Having a virtual tunnel for each connection
allows you to isolate the traffic of various clients of a given
service from each other and from any other traffic in the
network of the service provider. This allows any client to use
their local communications network with their network
settings for communication between their remote departments
and provides primary network security by isolating customer
traffic inside the personal tunnel.
II. STRUCTURE OF THE VIRTUAL PRIVATE NETWORK SERVICE
In general, the structure of the transmission network
between remote client units has the following form, presented
in Figure 1:
• logical channels or physical lines of communication
for connecting the network equipment of remote client
units to the operator’s network segment where virtual
tunnels are organized (channels / lines of client
access);
• carrier segment of the network where virtual tunnels
are organized to provide communication between the
channels / lines of client access (technological “cloud”
of the carrier network).
978-1-7281-3238-9/19/$31.00 ©2019 IEEE
E. P. Stroganova
Moscow Technical University of Communications and
Informatics
Moscow, Russia
es@radiotest-mtuci.ru
Here it should be noted that the virtual private network
service is provided between points of client equipment
connection to the operator’s network and if the client access
channels / lines are in the operator’s area of responsibility,
then the service is provided to the client between the points of
connection of its network equipment to access channels / lines
[1]. Further consideration of the assessment of the quality of
virtual private network services will be based on the
belonging of the channels / lines of access of the service to the
area of responsibility of the operator.
Fig. 1. Technological components of virtual private network services.
When considering the provision of virtual private network
services, consideration will be given to the provision of this
service on a communication network built on packet
switching technology.
In terms of organizing communications between client’s
departments within the operator’s technological “cloud”, the
following main topologies for building such connections can
be distinguished [1]:
• point to point,
• point-to-multipoint,
• multipoint-multipoint.
At the technological level, a virtual private network
service can be organized at levels 1, 2 and 3 of the OSI model
[2], [3], including organization of the service at 2 or 3 levels
of the OSI model using MPLS technology [4].
Next, the multipoint-multipoint topology will be
considered, since the other topologies mentioned above are
degenerate cases of multipoint topology.
 III. EVALUATION OF THE SERVICE ACCESSIBILITY
The overall service availability assessment can be
described by the formula:
DVPN = DS * DT * DD (1)
where: DS - the availability of the channel / access line of the
traffic sender,
DD - the availability of the channel / access line of the
traffic recipient,
DT - the availability of the tunnel between the sender
and receiver of traffic.
It should be borne in mind that the availability of channels
/ lines of access of the sender and the recipient of traffic
directly affect the ability to send or receive traffic in the
client’s units connected to them, since these channels / lines
are virtually non-alternative sections of the network for
transmitting traffic between the sender and receiver.
The availability of a specific tunnel within the carrier’s
technology “cloud” only affects the ability to exchange traffic
between a specific pair of sender and receiver of traffic.
From this we can conclude that the control of accessibility
of channels / access lines is the primary task in controlling the
quality of the virtual private network service.
Assessment of availability between points of connection
of channels / communication lines within the operator’s
technological “cloud” (availability of the network layer) can
be made taking into account the importance (cost) of
communication between specific customer units and in terms
of cost (importance) of information services provided by these
links ( availability of service level).
When assessing network availability in the course of
providing a service, the principal possibility of exchanging
traffic between points of client connections inside the
technological “cloud” is estimated. To carry out such an
assessment, a network connectivity matrix is formed, which is
an adjacency matrix [5], which describes interconnected
tunnels along the inside of the “cloud” point of connection of
channels / access lines within the technological “cloud”.
 N11  N1n 
N =      (2)
 N m1  N mn 
where: n = m - the number of points of connection of channels
/ access lines inside the technological "cloud",
Nij - cost (importance) of a specific tunnel functioning
between points of connection of channels / access lines
inside the technological cloud for a client according to
a certain scale of values (for example, from 1 to 10, if
there is no need for a tunnel between the corresponding
points, the matrix element value is zero).
Each row of such a matrix should refer to a specific point
of connection of the channel / access line inside the
technological “cloud” and contain values of the cost
(importance) of the availability of the remote connection
point. The cost of accessibility itself in this case is zero (zero
values for the main diagonal).
An analogous connectivity matrix can be compiled for
each client service (such as traffic) transmitted within the
virtual network.
 S11  S1n 
S =      (3)
 Sm1  Smn 
where: n = m - the number of points of connection of channels
/ access lines inside the technological "cloud",
S - cost (importance) of a specific tunnel functioning
between points of connection of channels / access lines
inside the technological cloud for a client on a certain
scale of values (for example, from 1 to 10, with
complete noncriticality or no need for a tunnel between
the corresponding points, the value of the matrix
element is zero).
Matrices of network connectivity and service connectivity
can vary among themselves, since A network connectivity
matrix can be formed not only on the basis of the need to
provide service connectivity, but also taking into account
many other circumstances. For example, given the cost of
organizing connections between some remote units, some
remote sites for the placement of units may be transit points
for the transmission of service traffic.
In the ideal case, in order to ensure the optimal
construction of communication channels within a virtual
private network, a network connectivity matrix should be
formed by adding all the service matrices.
N = S1 +…+ S n (4)
If it is necessary to form an assessment of resource and
service availability, it is necessary to form a matrix of the
resource and service cost of tunnels:
 N11  N1n   S11  S1n 
R = N + S =      +      (5)
 N m1  N mn   Sm1  Smn 
The coefficient of the resource and service cost of a
specific virtual private network tunnel within the operator’s
technological “cloud” will be defined as:
 Ri , j where: Di - availability of a specific channel / access line of a
K ( R )i , j = (6) virtual private network,
 
m n
j =1
R
i =1 i , j
n - the number of channels / access lines.

In view of the fact that from a technological point of view,

Similarly, the tunnel network cost factor can be formed: access channels / lines can be organized using various
technologies of their construction, they can be grouped
according to technological features and their accessibility can
Ni, j also be made taking into account belonging to a certain
K ( N )i , j = (7)
 j =1 i =1Ni , j
m n technological group.

IV. NETWORK PERFORMANCE EVALUATION

Or the coefficient of service cost of the tunnel:
Si , j
K ( S )i , j =
 j =1 i =1Si, j
m n
These coefficients in their physical sense are indicators of
the importance of the availability problem for a particular
tunnel and should be used when allocating the importance of
emergency and recovery operations in the network of a
telecom operator.
The coefficients can also be used in the overall assessment
of the availability of tunnels of virtual private network
services within the technological cloud. In this case, the
overall availability ratio of the virtual private network, taking
into account (1), will consist of 2 components:
DVPN = DACC * DTUN
where: DACC - the total accessibility of access channels / lines
of the virtual private network,
DTUN - the overall availability of virtual private
network tunnels.
Taking into account the coefficient of resource-service
cost, the overall availability of virtual private network tunnels
will be determined as follows:
m n
DTUN = K ( R )i , j * Di , j
j =1 i =1
where: Di,j - the availability of a specific tunnel between the
points of connection of channels / lines of access of the
virtual private network to the technological “cloud”.
For channels and access lines:

n
Di
DACC = i =1
n
Providing the necessary network performance [6] is an
important task to ensure the quality of the communication
network. Evaluation of network performance indicators
(8) (Network Performance - NP) [7] should be made relative to
the established allowable values [8], [9] separately for access
channels / lines and tunnels organized in the technological
“cloud”. The concept of productivity is inherently an integral
value in the form of a comprehensive assessment of the
quality of services [10] and there are methods for the
formation of integral values of quality indicators [11].
The performance value is affected by the parameters of
network equipment, the parameters of the transmitted traffic,
the requirements for the allowable range of values of traffic
parameters from the part of the communication service being
served. A set of parameters and their boundary values form a
hypersurface in the multidimensional parameter space for
assessing the quality of the network’s performance in
transmitting traffic of a particular communication service,
taking into account where the quality assessment vector is in
(9) relation to a given surface. Taking into account the fact that
the services defining the requirements for the values of
indicators for traffic transmission and the type of traffic
transmitted are determined external to the communication
network by the service user, there is a possibility that the
communication network will be subject to traffic transmission
requirements that it cannot to satisfy, which introduces a
certain probabilistic component in the provision of the
required performance by the network for the transmission of
client traffic [12].
A general assessment of performance in providing
communication between the sender and the traffic recipient of
the service can be represented as follows:
(10)
PVPN = PS * PT * PD (12)
where: PS - the performance of the channel / access line of the
traffic sender,
PD - the performance of the channel / access line of the
traffic recipient,
PT - the performance of the tunnel between the sender
and receiver of traffic.
(11)
The performance of the channels / access lines are subject
to optimization by changing the values of their parameters.
 With insufficient performance of a specific tunnel in the
technology “cloud”, you can try to improve the performance
of the “cloud” by changing the transmission path of traffic by
redirecting traffic to other tunnels through which an
alternative traffic path can be built. For this purpose, an
appropriate tunnel performance matrix can be used,
constructed similarly to the network connectivity matrix (2):
 P11  P1n 
P =      (13)
 Pm1  Pmn 
where: n = m - the number of points of connection of channels
/ access lines inside the technological "cloud",
Pij - performance of a specific tunnel between points
of connection of channels / access lines inside the
technological "cloud".
The application of appropriate topology analysis
algorithms to the tunnel performance matrix allows the choice
of optimal performance tunnels for the transfer of traffic
between the respective senders and traffic receivers.
In view of the fact that for tunnels there may be several
performance indicators and they may have different
importance due to the different type of traffic [13] transmitted
over the virtual network, then for each indicator its own
matrix for evaluating the performance of tunnels and
optimizing the transmission route of a certain type inside
technological "clouds" in this case is produced by the
performance matrix related to the most important indicator. If,
as a result of optimization, several optimal ways of traffic
transmission are obtained, further selection can be made on
the basis of the matrix of the next most important indicator.
The total value of the performance indicator of the traffic
transmission path is optimized by the maximum value of the
performance function:
K1 * P1 +…+ K n * Pn
F ( P) = (14)
( K1 +…+ K n )
where: n - the number of performance indicators,
P - the value of the corresponding performance
indicator,
K - the coefficient of importance of the corresponding
performance indicator.
When forming the evaluation function, it is necessary to
take into account the permissible deviations of the values of
the performance indicators from the established boundary
values [14-16].
V. СONCLUSION
The formation of a virtual private network topology in the
form of a network connectivity matrix, taking into account the
client service matrices, allows the construction of the most
optimal network topology. In the case of difficulties in
ensuring the construction of a network topology exactly in
accordance with the customer service topology, it is
recommended to use a resource-service matrix to assess the
impact of tunnel availability on the quality of services.
When planning to troubleshoot the availability of tunnels
in a virtual private network, it is recommended to use tunnel
cost coefficients for optimal prioritization of remediation
work.
Using the matrix of integral performance values for
quality indicators allows assessing network performance in
relation to the type of traffic for which this indicator is most
critical and, if necessary, form optimal paths for transmitting
this type of traffic between the sender and receiver.
REFERENCES
[1] Recommendation ITU-T Y.1311, “Network-based VPNs – Generic
architecture and service requirements”, 03/2002.
[2] Recommendation ITU-T X.210, “Open System Interconnection Layer
Service Definition Conventions”, 11/1988.
[3] GOST R ISO / IEC 7498-1-99, “Information Technology, Open
Systems Interconnection, Basic Reference Model, Part 1, Basic Model”,
Moscow: State Standard of Russia, 1999. (in Russian).
[4] Recommendation ITU-T Y.1311.1, “Network-based IP VPN over
MPLS architecture”, 07/2001.
[5] K. Erciyes, “Distributed Graph Algorithms for Computer Networks”,
Springer-Verlag London 2013, 324 p.
[6] GOST R IEC 61069-4-2017, “Measurement, control and automation of
the industrial process. Determination of system properties for the
purpose of its evaluation. Part 4. System performance evaluation”,
Moscow, Standardinform, 2017. (in Russian).
[7] Recommendation ITU-T Y.1540, “Internet protocol data
communication service – IP packet transfer and availability
performance parameters”, 07/2016.
[8] Recommendation ITU-T Y.1541, “Network performance objectives for
IP-based services”, 12/2011.
[9] Recommendation ITU-T M.2301, “Performance objectives and
procedures for provisioning and maintenance of IP-based networks”,
07/2002.
[10] Recommendation ITU-T E.802, “Framework and methodologies for the
determination and application of QoS parameters”, 02/2007.
[11] V. A. Babkin. Integral assessment of the level of utilization of the
communication channel. Vestnik svjazy, no. 11, pp. 6-11, Nov. 2018.
(in Russian).
[12] V. A. Babkin, E. P. Stroganova. Effective Criterias for Communication
Networks Monitoring. 2018 Systems of Signal Synchronization,
Generating and Processing in Telecommunications. SYNCHROINFO
2018, IEEE, 4-5 July 2018, 8456990, 2018.
[13] Recommendation ITU-T G.1010, “End-user multimedia QoS
categories”, 11/2001.
[14] V. A. Babkin, E. P. Stroganova. Principles of Indicators Formation for
Quality of Communication Networks Monitoring. 2018 Wave
Electronics and its Application in Information and Telecommunication
Systems, WECONF, IEEE, 26-30 Nov. 2018, 8604357, 2018.
[15] A. I. Sattarova, V. O. Varlamov, E. M. Lobov. Design and Simulation
of a Hybrid Filter Bank for Processing Wideband Signals with Low-
Speed ADCs. 2019 Systems of Signals Generating and Processing in
the Field of on Board Communications SOSG.2019.8706822, 2019.
[16] Varlamov, O., Varlamov, V., Dolgopyatova, A. “Digital radio
broadcasting network in the arctic region”, 2019. Conference of Open
Innovation Association, FRUCT. 2019, April, 8711933, pp. 457-462.