Virtual private networking is a well-known term in the context of classical networking. Many internet folks are well aware of that. In the context of next generation networks, let's look at how the NGN modifies the delivery and the provisioning of VPN services.

So, we'll start off with the definition. Basically, virtual private networking is a mechanism through which the users are made to interact with each other across a publicly shared IP network to exchange data amongst each other in a way as if they are doing it in a private setting. So, it's a service which is primarily meant for carrier-grade IP networks, that is, a network involving the service provisioning across a certain large demographic coverage.

Classically, when the IETF defined VPN, they emphasized two concepts: multi-protocol label switching and the border gateway protocol. Multi-protocol label switching is a mechanism through which the quality of service provisioning can be ensured against the best-effort traffic. And we know that the QoS provisioning requires some resource allocation and guaranteed service. So this is where MPLS comes in. As far as the border gateway protocol version 4 is concerned, like earlier versions or the predecessors of BGP, route reachability is a requirement. But BGP version 4 particularly emphasizes classless inter-domain routing for identifying the end points at the provider's edge routers.

Classically, the definition of VPNs has not changed much. In the context of NGN, again, the same types are being provisioned. We have the site-to-site VPN where we have a head office and then we have branch offices, or we have individuals or groups spread over a large geographical area such as a gaming community or online research collaboration systems. So this is where the virtual private networks are created which connect different user communities to each other. Then we have the ex-site VPN delivery, which is primarily meant for an intra-organizational workforce.
Here, different employees or the mobile workers may access their infrastructure or their intranet through certain other corporate networks. So work from home is one such example. Then we have the multi-service VPNs where quality of service provisioning becomes a more serious requirement because we have multimedia traffic including audio, video, and text. So here, quality of service provisioning needs some guarantees. So these are essentially the three broad types of VPNs.

As far as the functionality of NGN is concerned, we have two strata, the service stratum and the transport stratum. We'll quickly look at both of these, but to begin with, the service stratum is closer to the user side. So here, we need to have the application support and service functions which are meant to implement the user side API configurations on behalf of a certain virtual private network community. And a certain request is made from the client, for example, one end of a VPN client. So it means some kind of membership grant activity has to be executed, including the registration of that user; authentication and authorization requirements are fulfilled here. Then some security provisioning has to be made. This is the scope of the service stratum, QoS provisioning. If the user is mobile, then the handoff, particularly soft handoff using mobile IP, is the scope of the service stratum. If the VPN is allowing multicast traffic delivery amongst the VPN members, then a multicast service control mechanism also has to be implemented to allow the streaming of traffic to multiple destinations. Similarly, the join, leave and partition, if you're interested in isolating the VPN traffic to a limited set of users, then that is also the scope of the service stratum.

Now let's look at the overall architecture. Here we have, this is the classical NGN figure that we've been seeing so many times. We've got the application-to-network interface that allows the applications to talk to the underlying NGN architecture.
Here we have the service stratum and the transport stratum. We've talked about the service stratum. Let's quickly also look at the transport stratum. Here in the transport stratum, we already are aware of the network attachment and control function and the resource allocation and resource admission control functions. Here, these are now being configured with a virtual private network in mind. Each user would have its own profile depending upon the service subscription. The transport delivery mechanisms would be as per the user profile. Then the control management functions which are governing the VPN would include the control information that is shared amongst all the members to realize the transportation, including admission, traffic delivery and then termination of service. Essentially, we have these two strata which are taking care of VPN services in a more micro specified manner.

We look at the user-to-network interface and the network-to-network interface as well. Here we see that the management functions of VPN are governed by the network administrators who are working in, for example, a NOC (network operations center). Then on the other side, we have the network-to-network interface, which is allowing the particular NGN entity to talk to extraneous networks, which may be other NGN service providers or non-NGN operators.