1

Tunable QoS-Aware Network SurvivabilityJose Yallouz Department of Electrical Engineering

Technion, Israel Institute of TechnologyEmail: jose@tx.technion.ac.il Ariel Orda Department of Electrical Engineering

Technion, Israel Institute of TechnologyEmail: ariel@ee.technion.ac.il

Abstract—Coping with network failures has been recognized asan issue of major importance in terms of social security, stabilityand prosperity. It has become clear that current networkingstandards fall short of coping with the complex challenge ofsurviving failures. The need to address this challenge has becomea focal point of networking research. In particular, the concept oftunable survivability offers major performance improvements overtraditional approaches. Indeed, while the traditional approachaims at providing full (100%) protection against network failuresthrough disjoint paths, it was realized that this requirementis too restrictive in practice. Tunable survivability provides aquantitative measure for specifying the desired level (0%-100%)of survivability and offers flexibility in the choice of the routingpaths. Previous work focused on the simpler class of “bottleneck”criteria, such as bandwidth. In this study, we focus on the im-portant and much more complex class of additive criteria, such asdelay and cost. First, we establish some (in part, counter-intuitive)properties of the optimal solution. Then, we establish efficientalgorithmic schemes for optimizing the level of survivability underadditive end-to-end QoS bounds. Subsequently, through extensivesimulations, we show that, at the price of negligible reduction inthe level of survivability, a major improvement (up to a factor of2) is obtained in terms of end-to-end QoS performance. Finally,we exploit the above findings in the context of a network designproblem, in which, for a given investment budget, we aim toimprove the survivability of the network links.

Index Terms—Survivability; Reliability; Fault-Tolerance; Rout-ing Algorithms.

I. INTRODUCTION

The internet infrastructure has been progressing rapidly sinceits deployment. Nowadays technologies offer rates of 100 Gbit/sand beyond [1], [2]. Current core routers, such as CRS-3,reach capacities of hundreds of terabits per second [3]. Withthis extreme increase of transmission rates, any failure in thenetwork infrastructure, e.g. a fiber cut or a router shutdown,may lead to a vast amount of data loss. Hence, survivability inthe network is becoming increasingly important.

In particular, failures in the network infrastructure shouldbe recovered promptly. For example, some standard recom-mendations, e.g. [4] [5], require that recovery from a singlefailure should be performed within 50ms. The literature dis-tinguishes between two major classes of recovery schemes,namely restoration and protection [6]. In restoration schemes,post-failure actions are performed in order to search for abackup path that would avoid the faulty element. In protectionschemes, on the other hand, pre-failure actions are performed

in order to pre-establish a backup solution for any possiblefailure. Protection schemes have an obvious advantage in termsof recovery time and are usually achieved by the establishmentof pairs of disjoint paths. Specifically, protection schemeshave been implemented in several network architectures, e.g.SONET/SDH and MPLS. In Multi-Protocol Label Switching(MPLS) [7], two major protection schemes are employed,namely 1:1 and 1+1. In 1:1 protection, the data is sent onlyover a single path, while the backup path is activated upon afailure on the first path. In 1+1 protection, the data is duplicatedover both paths.

We adopt the widely used single link failure model that aimsat handling single failure events. This model has been the focusof numerous studies on survivability, e.g. [8] [9] [10] [11] [12][13]. While the case of multiple failures should be considered,and, indeed, has been the subject of several studies (e.g., [14],[15], [16]),1 the single failure model does merit attention, dueto several reasons. First, when exploring novel survivabilityschemes, it is natural to begin with this basic case, whoseanalysis would then provide insight for future enhancementsfor handling multiple failures. Moreover, protecting against asingle failure is a common requirement of several survivabilitystandards, e.g. [4] [5]. In addition, a common approach forhandling multiple failures is to supply protection for the firstfailure and restoration for any subsequent ones. Moreover,being a first step in proposing a novel scheme, in this studywe focus on single independent failures, such as fiber cuts androuter shutdown, while enhancements for the case of dependentfailures (e.g. due to cyber attacks and natural disasters) remainan important subject for future work.

Under the single link failure model, the employment ofdisjoint paths provides full (100%) protection. Hence, this isthe common solution approach of path protection schemes.However, the requirement of fully link-disjoint paths is oftentoo restrictive and demands excessive redundancy in practice.Furthermore, a pair of disjoint paths of sufficient qualitymay not exist, occasionally making the requirement infeasible.Therefore, a milder and more flexible survivability concept iscalled for, which would relax the rigid requirement of link-disjoint paths by also considering paths containing commonlinks. Accordingly, a previous study [17] introduced the novel

1Some of these studies, e.g. [16], considered the failure of multiple compo-nents due to a single fault.

arX

iv:1

608.

0866

0v1

[cs

.NI]

30

Aug

201

6

2

concept of tunable survivability, which provides a quantitativemeasure to specify the desired level of survivability. Thisconcept allows any degree of survivability in the range 0% to100%, thus transforming survivability into a quantifiable metric.

Specifically, tunable survivability enables the establishmentof connections that can survive network failures with anydesired probability. Given a connection that consists of twopaths 2 between a source-destination pair under the singlefailure model, only a failure on a link that is common to bothpaths can disrupt the connection. Accordingly, we characterizea connection as p-survivable if there is a probability of at leastp to have all common links operational.

Quality of Service (QoS) refers to the capability of a net-work to provide guarantees to deliver predictable results [18].Elements of network performance within the scope of QoSmetrics often include survivability, bandwidth, delay, jitter andcost. Generally, we distinguish between two classes of QoSmetrics, namely: bottleneck metrics, such as bandwidth, whichare defined by the weakest component in the path, and additivemetrics, such as delay, which are defined by the sum ofthe corresponding metrics over the path’s links. Algorithmicschemes that combine the concept of tunable survivability withbottleneck metrics were established in [17] and [19]. However,the important and much more complex class of additive metricswas not considered. Accordingly, this is the subject of thepresent work.

When a connection is composed of two paths, there are sev-eral possibilities for defining its weight out of the weights of theconnection’s paths. Indeed, various studies considered severalweight definitions in the context of connections based on link-disjoint paths. A natural choice is to consider the minimum ofthe lengths of the two paths. However, this approach results instrongly NP-complete problems [20], namely even approximatesolutions are computationally intractable. Alternatively, we canconsider the worst (highest) among the weights of the twopaths, yet this also leads to an NP-Hard problem [21]. Finally,a common approach is to consider the sum of the lengthsof the two paths, which attempts to minimize the aggregateweight of the two paths (e.g., [22], [23]). Beyond allowingcomputationally efficient optimal solutions, we shall indicatethat this approach also provides a 2-approximation solution tothe previous approach, which targets at minimizing the higherlength of the two paths.

The following example demonstrates the concept of p-survivable connections combining an additive QoS metric andits advantages over traditional protection schemes. Considerthe network described in Fig. 1, where each link is associatedwith a failure probability pe and a weight we representing anadditive metric. Assume that a connection is to be establishedbetween s and t. Here, the weight of a p-survivable connectionis defined as the sum of all the weights of the connection’slinks, considering the weight of a link that is common toboth paths only once. As no pair of disjoint paths from s

2As shall be explained in the sequel, we include the case of two identicalpaths.

� � �� ��� � 0.01�� � 1 ���0.01���10

Fig. 1: Example of p-survivable connections under an additiveQoS metric

to t exists, there is no full protection against single failures,and the traditional survivability requirement is thus infeasible.However, if we are satisfied with 0.99-survivability againstsingle network failures, then a connection that consists of thepaths π1 =< s, a, c, t > and π2 =< s, a, b, t > is a validsolution, since the only (single) failure that can concurrentlydamage both paths is in the common link (s, a). Hence, as thislink fails with a probability of 0.01, the connection is 0.99-survivable. The weight of the connection, defined by the sumof all link weights we (counting the weights of the commonlinks just once), is 113. Now, suppose that we are satisfiedwith 0.992-survivability. Clearly, the paths π1 =< s, a, c, b, t >and π2 =< s, a, b, t > also constitute a valid connection, forwhich the weight decreases to 23. Finally, assume that weare satisfied with 0.993-survivability. Now, the (identical) pathsπ1 =< s, a, b, t > and π2 =< s, a, b, t > also become feasible,thus decreasing the weight of the connection to 3.

Motivated by [17], we investigate how to combine the tunablesurvivability concept with additive QoS guarantees. To thatend, in Section II, we formulate an optimization problem thatconsiders two requirements, namely a (minimum) level ofsurvivability and an additive end-to-end QoS guarantee. Weestablish some fundamental properties of the structure of theoptimal solution. In particular, in Section III, we prove that, foran important class of problems, only a (typically small) subsetof the network’s links may affect the survivability value of theoptimal solution. Next, in Section IV, we establish that ourclass of problems is computationally intractable. Accordingly,in Section V, we design and validate a pseudo-polynomialsolution and an efficient Fully Polynomial-Time ApproximationScheme (FPTAS). In Section VI, through comprehensive sim-ulations, we show that, typically, a modest relaxation (of a fewpercents) in the survivability level is enough to provide a majorimprovement in terms of the QoS requirement, e.g. cutting byhalf the end-to-end delay. Then, in Section VII, we exploit theabove findings in the context of a network design problem, inwhich we need to best invest a given “budget” for improving thesurvivability of the network links. In Setion VIII, we show thatthe algorithmic scheme presented in Section V provides a 2-approximation for an intractable variant of the problem. Finally,Section IX summarizes our results and discusses directions forfuture research.

3

II. MODEL AND PROBLEM FORMULATION

A network is represented by a directed graph G(V,E), whereV is the set of nodes and E is the set of links. We denote thesize of these sets as N = |V | and M = |E|, correspondingly.A path is a finite sequence of nodes π =< s0, s1, ..., sh>such that si ∈ V (for i ∈ [0, h]) and (si, si+1) ∈ E (fori ∈ [0, h − 1]). Alternatively, a path can be represented bythe sequence of its links. A path is simple if all its nodes aredistinct. Given a source node s ∈ V and a destination nodet ∈ V , the set of all simple paths from s to t is denoted byP (s,t). Each link e ∈ E is associated with a failure probabilityvalue pe ∈ (0, pmax]; we note that these probabilities areoften estimated out of the available failure statistics of eachnetwork component [24]. We assume that each link e ∈ E failsindependently and its failure probability is upper-bounded bysome value pmax < 1. Accordingly, we define the minimumnetwork success probability as Smin = (1 − pmax)M . Inaddition, each link e ∈ E is assigned with a positive weightwe that represents an additive QoS target such as delay, cost,jitter, etc.

We adopt the single link failure model, 3 which considershandling at most one link failure in the network. A link isclassified as either faulty or operational: it becomes faulty upona failure and remains to be such until it is repaired, otherwise itis operational. Likewise, we say that a path π is operational ifit has no faulty link, i.e., for each e ∈ π, link e is operational;otherwise, the path is faulty.

We proceed to formulate the concept of tunable survivability,through the following definitions.

Definition 2.1: Given a source node s ∈ V and a destinationnode t ∈ V , a survivable connection is a pair of paths(π1, π2) ∈ P (s,t) × P (s,t).

Survivability is defined as the capability of the network tomaintain service continuity in the presence of failures [26].Thus, we say that a survivable connection (π1, π2) is opera-tional if either π1 or π2 are operational. Under the single linkfailure model, a survivable connection (π1, π2) is operational iffthe links that are common to both π1 and π2 are operational. Asmentioned, under the single link failure model, a link that is notcommon to both paths can never cause a survivable connectionto fail; on the other hand, a failure in a common link causesa failure of the entire connection. Accordingly, as the failureprobabilities {pe} are independent, we quantify the level ofsurvivability of survivable connections as follows.

Definition 2.2: Given a survivable connection (π1, π2) suchthat π1 ∩ π2 6= ∅, we say that (π1, π2) is a p-survivableconnection if

∏e∈π1∩π2

(1 − pe) ≥ p, i.e., the probability thatall common links are operational is at least p. The value of pis then termed as the survivability level of the connection.

3 Node failures can also be handled by employing the transformationdescribed in [25], where each node in the network is split into two nodes(say, ”in-node” and ”out-node”) connected by a directed link. Al links thatterminate at the original node now terminate at the ”in-node” while all linksthat emerge out of the original node now emanate out of the ”out-node”. Afailure in the original node is captured by a failure of the internal link.

The above definition formalizes the notion of tunable surviv-ability for the single link failure model. In case that there are nocommon links between π1 and π2, i.e., the paths π1 and π2 aredisjoint, there is no single failure that can make (π1, π2) fail; forthis case, (π1, π2) is defined to be a 1-survivable connection.

In [17], it was shown that, for any network, if there existsa p-survivable connection that admits more than two paths,then there exists a p-survivable connection that admits exactlytwo paths. Therefore, we can indeed focus on survivableconnections with just two paths.

We proceed to quantify the weight of a survivable connec-tion.

Definition 2.3: Given a network G(V,E) and a (non-empty)path π, its weight W (π) is defined as the sum of the weightof its links, i.e., W (π) =

∑e∈π we. Accordingly, we define a

weight-shortest path between two nodes u, v ∈ V as a path inG(V,E) with minimum weight between u and v.

The weight of a p-survivable survivable connection (π1, π2)is calculated by the sum of the weights of the links ofboth paths. Since a p-survivable survivable connection (π1, π2)potentially contains common links, there are two ways todetermine its aggregate weight, namely: counting the weightof a common link either once or twice. We shall consider bothoptions, formalized as follows.

Definition 2.4: Given a survivable connection (π1, π2),its CO-weight WCO(π1, π2) is defined as the sum ofits link weights counting the common links once, i.e.,WCO(π1, π2) =

∑e∈π1

⋃π2we.

Definition 2.5: Given a survivable connection (π1, π2),its CT-weight WCT (π1, π2) is defined as the sum ofits link weights counting the common links twice, i.e.,WCT (π1, π2) =

∑e∈π1

we +∑e∈π2

we.The appropriate choice between the two options depends on

the QoS metric that the weights we represent. For example,counting the common link once is a good choice for a metricthat stands for a monetary cost, which typically would be paidonly once if the link is used by both paths. On the other hand,counting the common link twice is a suitable choice if the QoSmetric accounts for an average value (over the employed paths),e.g. average delay.

For a source-destination pair, there might be several p-survivable connections, among them we would be interested inthose that have the best “quality”, giving rise to several tunablesurvivability optimization problems. Each problem, in turn, hasits CO-weight (WCO) formulation, namely a “CO-problem”,and its CT-weight (WCT ) formulation, namely a “CT-problem”.The following definitions formalize the different versions of theproblem.

Definition 2.6: CT-Constrained QoS Max-Survivability(CT-CQMS) Problem: Given are a network G(V,E), a sourcenode s ∈ V , a destination node t ∈ V and a QoS bound B.Find a survivable connection (π1, π2) ∈ P (s,t) × P (s,t) from sto t such that:

max∏

e∈π1∩π2

(1− pe)

4

s.t. WCT (π1, π2) ≤ B.

Definition 2.7: CT-Constrained Survivability Min-QoS(CT-CSMQ) Problem: Given are a network G(V,E), asource node s ∈ V , a destination node t ∈ V and asurvivability level S ∈ [Smin, 1]. Find a survivable connection(π1, π2) ∈ P (s,t) × P (s,t) from s to t such that:

min WCT (π1, π2)

s.t.∏

e∈π1∩π2

(1− pe) ≥ S.

The CO version of the above problems, namely the CO-Constrained QoS Max-Survivability (CO-CQMS) Problem andCO-Constrained Survivability Min-QoS (CO-CSMQ) Prob-lem, are defined in the same way but replacing the termWCT (π1, π2) with the term WCO(π1, π2).

In the following sections, we will establish algorithmicsolutions for the defined problems. We begin by establishingsome interesting structural properties of CT-problems.

III. THE STRUCTURE OF CT SOLUTIONS

As explained, CT-problems are an important class in whichthe QoS metric represents either an average or aggregatemeasure over the employed survivable connection, e.g., theaverage delay over the two paths of the connection. We proceedto show that, when addressing the optimization problems of theCT class, the links that may affect the survivability level of theoptimal solution are restricted to a (typically small) subset ofthe network’s links. We start with the following definitions.

Definition 3.1: Given a survivable connection (π1, π2), acritical link is a link e ∈ E that is common to both pathsπ1 and π2. Accordingly, the set of critical links of a survivableconnection is defined as C(π1, π2) = {e|e ∈ π1 ∩ π2}.

Definition 3.2: Given a source s and a destination t, L(s,t)

is the set of all the weight-shortest paths between s and t. Notethat L(s,t) ⊆ P (s,t).

Definition 3.3: Given a source node s ∈ V and a desti-nation node t ∈ V , an in-all-weight-shortest-paths link is alink e ∈ E that is common to all paths in L(s,t). Accord-ingly, the set of in-all-weight-shortest-paths links is defined asL = {e| e ∈

⋂π∈L(s,t) π}.

Note that if there is a unique weight-shortest path betweens and t, i.e. |L(s,t)| = 1, then L precisely consists of its links.Moreover, L is a subset of the set of links of any weight-shortest path. We are ready to present the main result of thissection.

Theorem 3.1: For any bound B on the additive end-to-end QoS, a (any) survivable connection (π1, π2) that is anoptimal solution of the respective CT-Constrained QoS Max-Survivability Problem (per Def. 2.6) is such that all itscritical links are in-all-weight-shortest-paths links. That is,C(π1, π2) ⊆ L.

Proof: Let (π1, π2) be an optimal survivable connectionthat solves the CT-CQMS Problem (Def. 2.6). Assume bycontradiction that there is a critical link e ∈ π1 ∩π2 that is not

(a) Nodes va and vp belong to the same path

(b) Nodes va and vp belong to different paths

Fig. 2: Intersection between πshort and the optimal survivableconnection (π1, π2)

an in-all-weight-shortest-paths link, i.e, ∃e | e ∈ π1 ∩ π2 ∧ e /∈⋂π∈L(s,t) π . Let vi and vj be the nodes of this critical link e,

henceforth denoted as vi → vj . From the assumption, there isa weight-shortest path πshort that does not contain the criticallink vi → vj , i.e., vi → vj /∈ πshort. Moreover, πshortis not identical to π1 nor π2, since πshort does not containvi → vj , a common link of both π1 and π2. Consider allnodes that are common to πshort and to at least one of theoptimal survivable connection paths, π1 or π2. Denote by vathe last such common node on the corresponding sub-pathfrom the source s to vi. Similarly, vp denotes the first suchcommon node on the corresponding sub-path from vj to thedestination t. Note that va, vp can include vi, vj as wellas the source s and the destination t, respectively. From theassumption, a pair of disjoint paths between va to vp necessarilyexists. Moreover, πshort intersects with either π2 or π1, onlyin the sub-paths between s to va or vp to t. Through Fig. 2,we proceed to consider two possible cases of an intersectionbetween πshort (the full-lines path) and the optimal survivableconnection (π1, π2) (the dashed-lines paths).

In the first case, illustrated in Fig. 2a, va and vp belong tothe same path in the optimal survivable connection (π1, π2).Without loss of generality, we assume that va, vp ∈ π1.Consider the pair of sub-paths from va to vp, where onepath contains links from π1 and the other path contains linksfrom πshort denoted as (πsub1 , πsubshort). It is obvious from thedefinition that (πsub1 , πsubshort) are disjoint. Denote by πpre1 thesub-path of π1 from the source s to va, and by πpost1 the sub-path of π1 from vp to the destination t. Now, define a newpath πnew described as πpre1 → va → πsubshort → vp → πpost1 ,composed by the sub-paths πpre1 , πsubshort and πpost1 . Considerthe survivable connection (πnew, π2). Since πnew ∩ π2 doesnot include the critical link vi → vj , the survivability level of(πnew, π2) is higher than that of (π1, π2), i.e.∏

e∈πnew∩π2

(1− pe) >∏

e∈π1∩π2

(1− pe).

5

Also, since for additive metrics a sub-path of a weight-shortestpath is also a weight-shortest path between its endpoints,we have that W (πsubshort) ≤ W (πsub1 ). Therefore, the CT-weight of (πnew, π2) is not larger than that of (π1, π2),i.e. WCT (πnew, π2) ≤ WCT (π1, π2). Thus, the survivableconnection (πnew, π2) strictly outperforms (π1, π2) in termsof survivability while not incuring a higher weight, whichcontradicts the assumption that (π1, π2) is optimal.

In the second case, illustrated in Fig. 2b, va and vp belongto different paths in the optimal survivable connection (π1, π2).Without loss of generality, we assume that va ∈ π1 and vp ∈π2. Denote π1’s sub-paths from the source to vi and from vjto the destination as πpre1 and πpost1 , respectively. Similarly, wedefine πpre2 and πpost2 . Now, consider the survivable connection(γ1, γ2) described as (πpre1 → vi → vj → πpost2 , πpre2 →vi → vj → πpost1 ), composed by the sub-paths πpre1 , πpost1 ,πpre2 and πpost2 and the critical link vi → vj . It has preciselythe same links as (π1, π2), hence it has the same survivabilitylevel, i.e.

∏e∈π1∩π2

(1−pe) =∏e∈γ1∩γ2(1−pe), and the same

CT-weight, i.e. WCT (π1, π2) = WCT (γ1, γ2). Furthermore, vaand vp belong to the same path in the survivable connection(γ1, γ2) i.e., we are back in the realm of the first case.

Corollary 3.1: For any bound S on the survivability level,there is a survivable connection (π1, π2) that is an optimal so-lution of the respective CT-Constrained Survivability Min-QoS(CT-CSMQ) Problem (Def. 2.7) such that all its critical linksare in-all-weight-shortest-paths links. That is, C(π1, π2) ⊆ L.

Proof: Consider a CT-CSMQ Problem for some bound Son the survivability level. Let B be the minimum CT-weightof any optimal survivable connection solution of the aboveproblem instance. On the same network and for the same sourceand destination nodes, consider the CT-CQMS Problem with Bas the bound on the additive end-to-end QoS, and denote by(π1, π2) an optimal solution for this problem and by S∗ andB∗ its survivability level and CT-weight, respectivily. Clearly,S∗ ≥ S, and, moreover, B∗ = B. Thus, (π1, π2) is also anoptimal feasible solution to the original CT-CSMQ Problemwith bound S on the survivability level. According to Theorem3.1, all the critical links of (π1, π2) are in-all-weight-shortest-paths links.

We shall employ the above property of the CT-problems inorder to reduce the computational complexity of the solutionalgorithms. Furthermore, we shall exploit this property in orderto establish a design scheme for efficiently upgrading theperformance of the network in terms of survivability.

IV. ESTABLISHING QOS AWARE p-SURVIVABLECONNECTIONS IS NP-HARD

In this section we will prove that our optimization problems,namely CT-CQMS, CT-CSMQ, CO-CQMS, CO-CSMQ areNP-Hard. We provide a reduction from the well-known, NP-Complete, Partition Problem (PP) [27].

The Partition Problem is defined as follows: Given are a finiteset A and a size s(a) ∈ Z+ for each a ∈ A; is there a subsetA′ ⊆ A such that

∑a∈A′ s(a) =

∑a∈A\A′ s(a)?

Fig. 3: RWSC graph constructed from the Partition Problem

Both of our optimization problems, namely CT-CQMS andCT-CSMQ, can be reduced to the following decision problem,denoted as the CT-Restricted Weight Survivability Connection(RWSC) problem. Given are a source node s ∈ V , a destinationnode t ∈ V , a QoS bound B and a survivability level S. Is therea survivable connection (π1, π2) ∈ P (s,t) × P (s,t) from s to tin which

∏e∈π1∩π2

(1− pe) ≥ S and WCT (π1, π2) ≤ B?Theorem 4.1: Problem CT-RWSC is NP-Complete.

Proof: Clearly, CT-RWSC is in NP, since for a givensurvivable connection (π1, π2), we can polynomially checkwhether

∏e∈π1∩π2

(1 − pe) ≥ S and WCT (π1, π2) ≤ B bycalculating these two metrics and checking the links of thesurvivable connection.

Through the following reduction from Problem PP, i.e.PP ≤p CT − RWSC. Consider an instance of Problem PP,i.e., a set A = {a1, ..., ai, ..., ak} where

∑ai∈A s(ai) = T .

Construct the direct graph illustrated in Fig. 3, as follows.Create a node ai for each element in the set A and anadditional node ak+1. Connect every two adjacent nodes, aiand ai+1, by a pair of links: a top link aupi and a bottom linkadowni . Determine node a1 as the source and node ak+1 asthe destination. Note that each node in the constructed graph,except the source and the destination, has in-degree and out-degree equal to 2. The top and bottom link weight and failureprobability values are set according to the equivalent elementsize s(ai), as follows. Set aupi weight as w(aupi ) = 0 andaupi failure probability as p(aupi ) = 1 − e−s(ai). Note that0 < p(aupi ) < 1 due to the negative exponent. Set adowni

weight as w(adowni ) = s(ai) and adowni failure probability asp(adowni ) = M , where pmax < M < 1. We remind that pmaxis an upper-bound for the failure probability. Consider the CT-RWSC problem for the above graph where the upper bound Bis set to T

2 and the lower bound S is set to e−T2 . Our proof is

based on the following two lemmas.Lemma 4.1: If there is no solution to the given CT-RWSC

problem, there is no solution to the PP problem.Proof: Assume by contradiction that there is a solution

to the PP problem, denoted by A′ where∑a∈A′ s(a) = T

2 .Consider a survivable connection (π1, π2) in the constructedgraph (Fig. 3) where its common links are the aupi linksassociated with ai ∈ A′. Accordingly, if ai ∈ A \ A′ thenboth aupi and adowni links belongs to the survivable connec-tion (π1, π2). Therefore, the survivability level of (π1, π2) is∏e∈π1∩π2

(1 − pe) =∏ai∈A′ e

−s(ai) = e−T2 . Since top links

have zero weight, w(aupi ) = 0, they do not contribute tothe total survivable connection weight. Hence, the weight of

6

(π1, π2) is the sum of the bottom links weight, w(adowni ), in thesurvivable connection, i.e. WCT (π1, π2) =

∑ai∈A\A′ s(ai) =

T2 . Thus, (π1, π2) is a solution to the given CT-RWSC problem,which is a contradiction.

Lemma 4.2: If there is a solution (π1, π2) to the given CT-RWSC problem, there is a solution to the PP problem.

Proof: Clearly, a bottom link adowni will never be acommon link of the solution (π1, π2), due to the high failureprobability set to this link, as defined pmax < M < 1. Thus,for each pair of links, aupi and adowni , connecting two nodes, aiand ai+1, the solution (π1, π2) may consist of either top linkaupi , common to the two paths, or the pair of links, aupi andadowni , each assigned to one of the paths. Note that only thecommon top links contribute to the connection’s survivabilitylevel, and only the bottom links contribute the connection’s totalweight. Denote by S1 the set of elements that are associatedwith common top links of (π1, π2) and by S2 the set of elementsthat are associated with the other links of (π1, π2). Note thatS1 and S2 are complementary subsets of A. Therefore, fora given solution (π1, π2),

∏e∈π1∩π2

(1 − pe) ≤ e−T2 (resp.∏

e∈π1∩π2(1 − pe) ≥ e

−T2 ) iff

∑a∈S1

s(a) ≥ T2 (resp.∑

a∈S1s(a) ≤ T

2 ) iff∑a∈S2

s(a) ≤ T2 (resp.

∑a∈S2

s(a) ≥T2 ) iff WCT (π1, π2) ≤ T

2 (resp. WCT (π1, π2) ≥ T2 ). Since

(π1, π2) should meet both bounds, we have∏e∈π1∩π2

(1 −pe) = e

−T2 and WCT (π1, π2) = T

2 . Thus, we identified a subsetS1 ⊆ A such that

∑ai∈S1

s(ai) =∑ai∈A\S1

s(ai) = T2 .

Both of our optimization problems, namely CO-CQMSand CO-CSMQ, can be reduced to the following decisionproblem, denoted as the CO-RWSC problem. Given are asource node s ∈ V , a destination node t ∈ V , a QoSbound B and a survivability level S. Is there a survivableconnection (π1, π2) ∈ P (s,t) × P (s,t) from s to t in which∏e∈π1∩π2

(1− pe) ≥ S and WCO(π1, π2) ≤ B?

Corollary 4.1: The CO-RWSC problem is NP-Hard.

Proof: As defined in section II, the difference between theCO and CT problems is based on the effect of the commonlinks weights of a survivable connection in the total solutionweight. Previously, in the proof of Theorem 4.1, we presented aconstruction (Fig. 3) in which the weight of the top link is set to0, i.e. w(aupi ) = 0. As mentioned, in this construction, a bottomlink adowni will never be a common link of the solution (π1, π2),since the common links of any optimal survivable connectionsolution are composed only of top links aupi . Therefore, thecommon links of the presented construction did not affect thetotal solution weight. Thus, the previous proof of Theorem 4.1can be applied also to CO problems.

Nonetheless, the Partition Problem is a weakly NP-completeproblem and admits pseudo-polynomial time algorithms andapproximation schemes [27]. In fact, the problem has beencalled ”The Easiest Hard Problem” [28]. Indeed, we proceedto establish pseudo-polynomial time algorithms and approxi-mation schemes for our optimization problems.

V. ESTABLISHING QOS AWARE p-SURVIVABLECONNECTIONS

In the previous section, we prove that our previously formu-lated optimization problems, namely CT-CQMS, CT-CSMQ,CO-CQMS and CO-CSMQ, are NP-Hard. However, efficientsolution schemes are still possible. Indeed, in this section, weshall establish exact solutions of pseudo-polynomial complex-ity, and near (i.e., ε-optimal) solutions of polynomial complex-ity, for the considered problems.

The solution approach is based on a graph transformationthat reduces our problem to a standard Restricted Shortest Path(RSP) problem. We recall that RSP is the problem of findinga shortest (in terms of an additive metric) path while obeyingan additional (additive) constraint, as follows.

Definition 5.1: Restricted Shortest Path (RSP) Problem:Given is a network G(V,E) where each link e ∈ E isassociated with a length le and a time te. Let T be a positiveinteger and s, t ∈ V be the source and the destination nodes,respectively. Find a path π from s to t such that:

min∑e∈π

le s.t.∑e∈π

te ≤ T.

Although the RSP problem is known to be NP-Hard [27],the literature provides several pseudo-polynomial solutions [29][30] as well as ε-optimal Fully Polynomial Time Approxima-tion Schemes (FPTAS) [31] [32], which we employ in order tosolve our problems. Moreover, we use the findings of SectionIII in order to further reduce the complexity of the solutionsfor the CT problem.

A. Pseudo-Polynomial Schemes for Establishing CO-QoSAware p-Survivable Connections

We begin by establishing a pseudo-polynomial algorithmicscheme for solving the two CO problems, namely the CO-CSMQ Problem and the CO-CQMS Problem. The methodemploys two well-known algorithms: the first, Edge-DisjointShortest Pair (EDSP) Algorithm [22], finds two edge-disjointpaths with minimum sum of edge weight between two nodes ina weighted directed graph; the second is a pseudo-polynomialalgorithmic scheme, such as [30], for solving the NP-Hard RSPproblem. We proceed to present an algorithmic scheme forsolving the both CO-Problems specified in Fig. 4. We denotethe algorithmic schemes as the CO-Tunable Survivable Con-nection Min-QoS (CO-TSCMQ) Algorithm, for the CO-CSMQProblem, and the CO-QoS Aware Max Survivable connection(CO-QAMSC) Algorithm, for the CO-CQMS Problem. Notethat the algorithm does not include the dashed-boxed text (withgray background), which shall be later used for handling theCT-QoS Aware Problems. Moreover, the CO-TSCMQ and theCO-QAMSC algorithms differ from each other only by the textin Stage 2 inside the double-framed-box and the dashed-box,respectively. The scheme consists of the three following stages.

The first stage comprises the construction of a transformednetwork G(V , E) constituting an input for an RSP algorithm inthe next stage, where each link is associated with two metrics:

7

Input: G(V,E)-network, s-source, t-destination, pe-linkfailure probability, we-link weight, B-weightconstraint

Variables: G(V , E)-transformed network, s-source,t-destination, le-link length, te-link time, πmin -aweight-shortest path, π -RSP solution

Stage 0 − Shortest PathSearch0.1)Employ a Shortest-Path Algorithm[33] between s and tin order to find aweight shortest path πmin.

Stage 1 - Transformed network G(V , E) construction1.1) V � V .1.2) foreach e : u � v ∈ E πmin do

- Construct a “simple link” e between u and v.- Assign le to be we 2 · we .- Assign te to be −ln(1− pe).

end1.3) foreach u ∈ V πmin do

foreach v ∈ V πmin do- Employ the EDSP Algorithm [22] between u and v.if (there is a solution to the EDSP Algorithm) then

- Construct a “disjoint link” e between u and v.- Assign le to be the sum of we’s of theEdge-Disjoint Shortest Pair of Paths (EDSPoP).- Assign te to be 0.

endend

endStage 2 - RSP Calculation2.1) Find a restricted shortest path π of the RSP problem(Def. 5.1) by employing [30] in the transformed networkG(V , E) where T = B T = − lnS .2.2) if there is no feasible solution for the RSP then

- return FailendStage 3- Survivable Connection (π1, π2) Construction3.1) foreach e ∈ π do

if e is a “simple link” then- π1 and π2 contain the corresponding e link.

endelse if e is a “disjoint link” then

- π1 contains the links of one the paths of theEDSPoP represented by e.- π2 contains the links of the other path of theEDSPoP represented by e.

endendreturn (π1, π2)

Fig. 4: CO/CT-QoS Aware Max Survivable Connection/Tunable Survivable Connection Min-QoS(CO/CT-QAMSC/TSCMQ) Algorithm

(a) simple links

(b) disjoint links

Fig. 5: CO links transformation

a length le and a time te. Specifically, the transformed networkconsists of two types of links, as follows. The first one, denotedas simple link, consists of the original network links. The lengthof a simple link is set to be the weight of the original link, i.e.te = we. The time of a simple link is set to te = −ln(1− pe),thus transforming our multiplicative (survivability) metric intoan additive one. The second type of links, denoted as disjointlink, consists of additional links representing possible Edge-Disjoint Shortest Pair of Paths (EDSPoP) between pairs ofnodes in the network. The length of a disjoint link is setto be the weight of the EDSPoP between these two nodes,which we compute by employing the EDSP Algorithm [34][22]. The time of a disjoint link is set to be 0, due tothe fact that a disjoint path provides full protection againsta single link failure. Fig. 5 illustrates these transformations,where the dashed-boxed text (with gray background) should bedisregarded at this stage. Given the above transformed networkG(V , E), the second stage calculates a restricted shortest pathaccording to the desired version of the algorithm distinguishedby the framed-box, where the CO-QAMSC algorithm is markedby the double-framed-box and the CO-TSCMQ algorithm ismarked by the dashed-box. We remind that the CO-QAMSCalgorithm aims to find a survivable connection with maximumsurvivability level upper bounded by a QoS constraint B, thusthe parameters of the RSP problem (Def. 5.1) are set to le = le,te = te and T = B. In contrast, the CO-TSCMQ algorithmaims to find a survivable connection with minimum CO-weightlower bounded by a survivability level constraint S, thus theparameters of the RSP problem (Def. 5.1) are set to le = te,te = le and T = − lnS. Note that, for the CO-TSCMQalgorithm, the constraint expression T = − lnS usually is anon-integer number, therefore the pseudo-polynomial algorithmdepends on the precision the expression. Specifically, the CO-QAMSC algorithm finds a pair of paths that minimizes

−∑

e∈π1∩π2

ln(1− pe) = −ln∏

e∈π1∩π2

(1− pe)

and, therefore, maximizes∏e∈π1∩π2

(1 − pe), the connec-tion’s survivability level. Here, we may employ any pseudo-polynomial time algorithm, e.g. [29] [30], for solving the RSPproblem.

8

s t

������������� ����������� ������������������������

Fig. 6: Concatenated common and disjoint segments forming asurvivable connection

As shall be shown, there is no solution to our problem if thereis no feasible solution to the defined RSP problem. Note thateach disjoint link is associated with a pair of disjoint paths inthe original network, while each simple link is associated witha regular link. Accordingly, in the third stage, we construct thesought pair of paths of a survivable connection (π1, π2) out ofthe links of the RSP solution, i.e. path π. Then, the algorithmoutputs the optimal survivable solution (π1, π2).

The following theorem establishes the correctness of the CO-TSCMQ Algorithm.

Theorem 5.1: Given are a network G(V,E), a pair of nodess and t, a survivability level constraint S ∈ [Smin, 1]. If thereexists a survivable connection with a survivability level of atleast S, then the CO-TSCMQ Algorithm returns a survivableconnection that is a solution to the CO-CSMQ Problem; oth-erwise, the algorithm fails.

In order to prove Theorem 5.1, we begin by observing thatthe structure of any survivable connection (π1, π2) is composedof two types of segments (see Fig. 6). The first type is a commonsegment, which contains links that are common to π1 and π2.The second type is a disjoint segment, which contains linksthat are exclusive to one of the paths. Consider a segmentwith a head node u and a tail node v. A disjoint segment isa disjoint couple of paths from u to v denoted as v

u(π1, π2)ds.The common segments concatenated with the disjoint segmentsform a survivable connection (π1, π2), as illustrated in Fig. 6.

The weight of a disjoint segment W (vu(π1, π2)ds) is definedas the sum of all link weights in the disjoint segment, i.e.W (vu(π1, π2)ds) =

∑e∈v

u(π1,π2)dswe. Accordingly, a shortest

disjoint segment is a disjoint segment vu(π1, π2)ds of minimumweight among all possible disjoint pairs of paths from u to v.

Lemma 5.1: Given are a network G(V,E), a pair of nodess and t, a survivability constraint S ∈ [Smin, 1]. Any optimalsolution (π1, π2) to the respective CO-CSMQ Problem is suchthat all its disjoint segments are shortest disjoint segments.

Proof: Let (π1, π2) be an optimal survivable connectionof the CO-CSMQ Problem. Consider some arbitrary disjointsegment vu(π1, π2)ds. Assume by contradiction that there is adisjoint pair of paths from u to v, vu(γ1, γ2)ds, with a lowerweight, i.e. W (vu(γ1, γ2)ds) < W (vu(π1, π2)ds). Due to thestructure of (π1, π2) survivable connections (depicted in Fig.6), the substitution of v

u(π1, π2)ds with vu(γ1, γ2)ds forms a

survivable connection from s to t denoted as (γ1, γ2). Notethat the survivability levels of (γ1, γ2) and (π1, π2) are equal

because the substituted disjoint pair of paths vu(γ1, γ2)ds does

not contribute to the total survivability level. Moreover,

Wco,ct(γ1, γ2) < Wco,ct(π1, π2)

which contradicts the assumption that (π1, π2) is the optimalsurvivable connection to the respective CO-CSMQ Problem.

We recall that step 1 of the CO-TSCMQ Algorithm (Fig. 4)constructs a transformed network G(V , E) that contains “sim-ple links” that are the links of the original network G(V,E) and“disjoint links” that represent disjoint shortest paths between allpairs of nodes in the network. The following two Lemmas 5.2and 5.3 prove Theorem 5.1.

Lemma 5.2: If there is no solution to the RSP problem instage 2 of the CO-TSCMQ Algorithm, then there is no solutionto the CO-CSMQ Problem.

Proof: Assume by contradiction that (π1, π2) is a solutionto the CO-CSMQ Problem. Given a lower bound S, (π1, π2)satisfies

∏e∈π1∩π2

(1− pe) ≥ S and minimizes WCO(π1, π2).As previously mentioned, the structure of (π1, π2) containsdisjoint and common segments (Fig. 6). According to Lemma5.1, the disjoint segments of (π1, π2) are shortest disjointsegments. Hence, consider the path γ that contains disjointlinks equivalent to the disjoint segments and simple linksequivalent to the common segments in the transformed networkG(V , E). The path γ solves the RSP problem in stage 2, whichcontradicts the assumption that there is no solution to it.

Lemma 5.3: If there is a solution to RSP problem in stage 2of the CO-TSCMQ Algorithm, then stage 3 of the CO-TSCMQAlgorithm returns a solution to the CO-CSMQ Problem.

Proof: Consider the RSP solution γ in the transformednetwork G(V , E), which contains disjoint links and simplelinks. At stage 3, we decompose a survivable connection(π1, π2) from the RSP solution γ by transforming each disjointlink into a disjoint segment and each simple link into a link ina common segment. Given an upper bound S, (π1, π2) satisfies∏e∈π1∩π2

(1− pe) ≥ S and minimizes WCO(π1, π2), hence itsolves the CO-CSMQ Problem.

The following theorem establishes the correctness of the CO-QAMSC Algorithm.

Theorem 5.2: Given are a network G(V,E), a pair of nodess and t and a co-weight constraint B ≥ 0. If there exists asurvivable connection with a CO-weight of at most B, then theCO-QAMSC Algorithm returns a survivable connection that isa solution to a CO-CQMS Problem; otherwise, the algorithmfails.

The proof is similar to that of Theorem 5.1, using thefollowing Lemma 5.4 instead of Lemma 5.1.

Lemma 5.4: Given are a network G(V,E), a pair of nodess and t, a CO-weight constraint B ≥ 0. There is an optimalsolution (π1, π2) to the respective CO-CQMS Problem suchthat all its disjoint segments are shortest disjoint segments.

Proof: Given a CO-CQMS Problem where B is the QoSbound, denote by S the maximum survivability level of itssolution. Let us define a CO-CSMQ Problem where S is thesurvivability level constraint and assume that (π1, π2) is a

9

solution to the defined problem. Clearly, the weight of theoptimal solution (π1, π2) is at most B, i.e. W (π1, π2) ≤ B.Therefore, (π1, π2) is also a solution to the CO-CSMQ Prob-lem. According to Lemma 5.1, all (π1, π2) disjoint segmentsare shortest disjoint segments.

We proceed to analyze the running time of the CO-QAMSCAlgorithm. As mentioned, the input size is represented by Nand M , which are the numbers of nodes and links in thenetwork, respectively. We denote by R(N,M) and D(N,M)the running time expressions of the employed (standard) RSPalgorithm and EDSP algorithm, respectively.

Theorem 5.3: The time complexity of the CO-QAMSC Al-gorithm is O(N2 · D(N,M) + R(N,N2)), i.e. O(M · N2 +N3 · (log(N) +B)).

Proof: Let us analyze the steps of the CO-QAMSC Al-gorithm, illustrated in Fig. 4. At stage 1, we construct a newnetwork from different original network links and the disjointshortest paths between every two nodes. As each originalnetwork node and link are duplicated, the running time of firstand second steps of stage 1 is O(N) and O(M) respectively.Next, at the third step of stage 1, we perform the DisjointShortest Path algorithm for each couple of nodes in total N2

times and its running time is O(N2 · D(N,M)). At stage 2we run the RSP algorithm in the new constructed network,which contains exactly the same number of nodes N andat most M + N2 links, where the complexity of this stepis R(N,N2). At stage 3, we go over all the links in thenew network, and its running time is O(N2). Therefore, thetotal complexity of the CO-QAMSC Algorithm is given byO(M+N2 ·D(N,M)+R(N,N2)+N2) = O(N2 ·D(N,M)+R(N,N2)). Now, we examine the complexity of R(N,M)and D(N,M). The link-disjoint shortest pair algorithm can beperformed in O(M + N · log(N)) [22]. According to [30],a pseudo-polynomial algorithm for the RSP problem can beperformed in O(M · N · B), where B is the constraint size.Thus, we conclude that the CO-QAMSC algorithm is boundedby O(M ·N2 +N3 · (log(N) +B)).

The running time for the CO-TSCMQ Algorithm can be ob-tained by replacing the constraint B with the desired precisionof the constraint − ln(S). Note that the complexity dependslinearly on the chosen precision.

B. Pseudo-Polynomial Schemes for Establishing CT-QoSAware p-Survivable Connections

We will now exploit the rather salient property of the optimalsolutions to the CT-problems, as established in Section III. Thiswill allow us to improve the computational complexity of thealgorithmic solution of CT-CQMS and CT-CSMQ optimizationproblems.

Previously, in Section V-A, we noted that both the CO-CQMS and the CO-CSMQ problems have quite similar solu-tions. Since this is the case also for the CT-problems, we shallfocus on the solution to the CT-CQMS problem. We proceedto present an algorithmic scheme for solving the CT-CQMS

Problem (Def. 2.6), denoted as the CT-QoS Aware Max Sur-vivable Connection (CT-QAMSC) Algorithm. The algorithm isspecified (again) in Fig. 4, however now the full-line-boxed textshould be disregarded while the dashed-boxed text (with graybackground) should be considered. Moreover, in Stage 2, thetext inside the double-framed-box should be considered.

Note that the CT-Algorithmic scheme is similar to thepreviously presented CT-algorithmic scheme, except for twoimportant changes marked by dashed-boxed text (with graybackground). The first is in the transformation of simple linksin the new constructed network in step 1.2. Recall that simplelinks represent critical links of the solution, i.e., the survivableconnection (π1, π2). Since in the CT problems the weight ofeach such link is counted twice, the weight of simple links isset to be twice the weight of the links in the original network,as illustrated (again) in Fig.5a, where the full-line-boxed textshould be disregarded now while the dashed-boxed text (withgray background) should be considered.

The second change is the addition of a preliminary stage,namely Stage 0, to the CT algorithmic variants. At this initialstage, the algorithm first finds a weight-shortest path in thenetwork G(V,E) by employing a well-known shortest pathalgorithm, such as Dijkstra’s [33]. According to Theorem 3.1and its corollaries, in an optimal solution of a CT problem,each of the critical links is included in any weight-shortest path.Therefore, we can have the CT-QAMSC Algorithm focus onjust nodes and links that belong to some (any) weight-shortestpath. Accordingly, at Stage 1 of the algorithm, the transformednetwork G(V , E) is limited to simple links that correspond tothe weight-shortest path found at Stage 0, and to disjoint linksthat correspond to EDSPoPs between pairs of nodes of theidentified weight-shortest path. As shall be shown, this changeimproves the computational complexity of the solution.

It is easy to verify that Theorem 5.2, established previouslyfor the CO-TSCMQ algorithmic solution, hold also for theCT-algorithmic solution variant. Therefore, the proof of thecorrectness of the CT-TSCMQ algorithm follows the same linesas for the CO-TSCMQ algorithm.

We denote the number of links in the identified weight-shortest path as k. The running time expression of the weight-shortest path algorithm is denoted as SP (N,M). As previouslymentioned, R(N,M) and D(N,M) are the running timeexpressions of a standard RSP algorithm and a standard EDSPalgorithm, respectively.

Theorem 5.4: The time complexity of the CT-QAMSC Al-gorithm is O(SP (N,M) + k2 · D(N,M) + R(k, k2)), i.e.O(k2 · (M +N · log(N)) + k3 ·B).

Proof: Let us analyze the different steps of the CT-QAMSC Algorithm specified in Fig. 4. At Stage 0, we calculatea weight-shortest path in the network, and its running time isO(SP (N,M)). Then, at Stage 1 it is enough to apply theDisjoint Shortest Path algorithm only between each coupleof nodes in the weight-shortest path, and its running time isO(k2 ·D(N,M)). Now, the constructed network contains k+1nodes and two types of links, namely k links of the weight-

10

shortest path and at most (k+1)·k links associated with disjointpaths between each node of the weight-shortest path. Therunning time of the RSP algorithm in the constructed networkis R(k, k2). Hence, the total complexity of CT-QAMSC Algo-rithm is given by O(SP (N,M) + k2 ·D(N,M) +R(k, k2)).Now, we examine the complexity of the previously statedrunning time expressions, namely SP (N,M), R(N,M) andD(N,M). Note that the additive QoS metric is non-negativeby definition. Therefore, we can use Dijkstra’s algorithm inorder to find SP(N,M). Dijkstra’s algorithm running time isgiven by O(M + N · log(N)) [33]. As previously mentioned,the running time of the expressions D(N,M) and R(N,M)is bounded by O(M + N · log(N)) and O(M · N · B),respectively. Thus, we conclude that CT-QAMSC is boundedby O(k2 · (M +N · log(N)) + k3 ·B).

According to [35], in power-law networks, which are knownto be a good model for some portions of the Internet [36], thenumber of links of the shortest path grows proportionally tothe logarithm of the number of the network nodes, i.e. k ∼log(N). Therefore, the running time of our algorithm can besignificantly reduced in such networks.

C. Approximation Schemes for Establishing QoS Aware Sur-vivable Connections

We proceed to establish Fully Polynomial Time Approxima-tion Schemes (FPTAS) for the considered problems.

First, we establish that an ε-approximation scheme for theCO-CQMS Problem can be accomplished by employing thepreviously defined CO-QAMSC Algorithm (Fig. 4) with thefollowing change. Consider a desired approximation ratio 1 +ε, and recall the minimum survivability level Smin = (1 −pmin)M specified in Section II. In Stage 2 of the CO-QAMSCAlgorithm, instead of employing a pseudo-polynomial (exact)solution scheme, apply an (any) FPTAS of those proposed inthe literature for solving the RSP problem, e.g. [32], with anapproximation ratio of − ln(1+ε)

lnSmin . The running time expressionof the RSP Algorithm is R(N,M, ε). This modified algorithmshall be referred to as the F-CO-QAMSC Algorithm.

Theorem 5.5: The F-CO-QAMSC Algorithm is a FPTASfor the CO-CQMS Problem. Specifically, the weight of theprovided connection is bounded by B (as required) and itssurvivability level is at most (1 + ε) smaller than the optimalsurvivability level. The time complexity of the algorithm isbounded by O(N2 ·(M+N ·log(N))+N3 ·(log log(N)+M

ε )).Proof: Assume that Sopt is the survivability level of

the optimal solution of a CO-CQMS Problem, and that ouralgorithm finds a solution with a survivability level of Salgo.In order to prove the ε approximation of the F-CO-TSCMQ Al-gorithm, we shall show that Sopt

Salgo ≤ 1 + ε. Since we applied aFPTAS to the corresponding RSP Problem using an approxima-tion ratio of − ln(1+ε)

lnSmin , we have that − lnSalgo

−lnSopt ≤ 1 + − ln(1+ε)lnSmin .

Since Smin ≤ Sopt ≤ 1, we get − lnSalgo

−lnSopt ≤ 1 + − ln(1+ε)lnSopt .

A simple manipulation in the previous formula gives Sopt

Salgo ≤1 + ε. Given the first-order Taylor approximation we conclude

that O(− ln(1+ε)lnSmin ) ≈ O( ln(1+ε)

M ) ≈ O( εM ). The FPTAS for the

RSP problem provided by [32], assuming an approximationfactor of η, has time complexity of O(N ·M ·(log log(N)+ 1

η )).Thus, according to Theorem 5.3, we conclude that the timecomplexity of the F-CO-TSCMQ Algorithm is bounded byO(N2 · (M +N · log(N)) +N3 · (log log(N) + M

ε )). Thus, wehave established a FPTAS.

We proceed to establish an ε-approximation scheme forthe CO-CSMQ Problem by employing the previous definedCO-TSCMQ Algorithm with the following alteration. Giventhe desired approximation ratio of ε, in Stage 2 of the CO-TSCMQ Algorithm, apply an (any of those proposed in theliterature, e.g. [32]) FPTAS for solving the RSP problem withan approximation ratio of ε, instead of applying a pseudo-polynomial (exact) solution scheme. This modified algorithmis denoted as the F-CO-TSCMQ Algorithm.

Theorem 5.6: The F-CO-TSCMQ Algorithm is a FPTAS forthe CO-CSMQ Problem. Specifically, the survivable connectionsolution survivability level is bounded by S and its weight isat most (1 + ε) greater than the optimal weight. Moreover,the algorithm time complexity is bounded by O(N2 · M ·log1+M

N(N) +N3 · (log log(N) + 1

ε )).Proof: Assume that Bopt and Ropt are the weight of

the optimal solution of a CO-CSMQ Problem and the RSPproblem, respectively. Moreover, assume that Balgo and Ralgo

are the weight of the solution of F-CO-TSCMQ Algorithm andthe RSP algorithm of stage 2, respectively. Given is the RSPalgorithm approximation where Ralgo

Ropt ≤ 1 + ε. We note thatBopt is identical to Ropt and Balgo is equal to Ralgo. Therefore,Balgo

Bopt = Ralgo

Ropt ≤ 1 + ε. Thus, according to Theorem 5.3, weconclude that the time complexity of F-CO-TSCMQ Algorithmis bounded by O(N2 ·M ·log1+M

N(N)+N3 ·(log log(N)+ 1

ε )).

A FPTAS for the CT-CSMQ Problem (Def. 2.7) and the CT-CQMS Problem (Def. 2.6) can be established by employing thesame approach to the CT-TSCMQ and CT-QAMSC algorithmicschemes.

D. A Numerical Example

We further demonstrate the operation of the CO-TSCMQ andCT-QAMSC algorithms through an example depicted in Fig. 7.

Consider the network illustrated in Fig. 7a, where the linksweights we and failure probabilities pe are depicted next to eachlink. Assume that we aim at finding a survivable connection(π1, π2) with maximum survivability level and an upper-boundof 8 on the total weight, for the CT-CQMS problem. As shownin Fig. 4, the CT-QAMSC Algorithm starts by finding a weight-shortest path between the source and destination at Stage 0,which in this case is the path πmin =< s, a, b, t >. Conse-quently, the next stage only focuses on the nodes and linksof the shortest path πmin. At Step 1.2, the algorithm createsthe simple links of the transformed network by duplicatingthe links of the shortest path πmin and setting its length tobe le = − ln(1 − pe) and its time to be te = 2 · we. AtStep 1.3, the algorithm finds, between each couple of nodes

11� � 0.01� ��� �� � 0.01 � � 0.01� � 0.02� � 0.03 � � 0.01� � 0.01� � 1 � � 1 � � 1� ��� � 4 � � 10� � 10

(a) Network illustrating the operation of the CO-TSCMQand CT-QAMSC algorithms� �� � � � �ln�0.99�� � �ln�0.98�� � �ln�0.97� � � 0

� � 0� � 2 � � 2 � � 2� ��� � 6

� � 0� ��(b) Transformed network of the CT-QAMSC algorithm

� ��

� � � � �ln�0.99�� � �ln�0.98�� � �ln�0.97�� � �ln�0.99�� � 1 � � 1 � � 1� ��� � 4� � 10� � 6� � 0� � �ln�0.99�� ��� � 0� � 0� ��

(c) The transformed network of the CO-TSCMQ algo-rithm

Fig. 7: Example of the CO-TSCMQ and CT-QAMSC algo-rithms execution

along the shortest path πmin =< s, a, b, t >, an Edge-DisjointShortest Pair of Paths (EDSPoP). In this specific case, threeEDSPoPs are found: the first is found between node s andnode b (πsb1 , π

sb2 ) = (< s, b >,< s, a, b >) with a total

weight of 6, the second is found between node a and nodet (πat1 , π

at2 ) = (< a, t >,< a, b, t >) with a total weight

of 5, and the third is found between node s and node t(πst1 , π

st2 ) = (< s, b, t >,< s, a, t >) with a total weight

of 9. We create a disjoint link for each of the above threeEDSPoPs, setting its lenght le to be 0 and its time te tobe the EDSPoP’s total weight. At the end of Stage 1, weobtain the transformed network illustrated in Fig. 7b. At stage2, in the transformed network, the algorithm solves the RSPproblem, considering a bound of 8. Accordingly, we obtain thedashed path π =< s, b, t > in Fig. 7b. Finally, at stage 3,the algorithm constructs and outputs the survivable connection(π1, π2) = (< s, b, t >,< s, a, b, t >).

Now, we consider the CO-TSCMQ Algorithm described inFig. 4 given the network in Fig. 7a. Assume that we aim

to find a survivable connection (π1, π2) which minimizes itsCO-weight and its survivability level is restricted to 0.99. Incontrast to the previous example of the CT-CQMS algorithm,Stage 1 of the CO-TSCMQ Algorithm considers all networklinks and nodes. At Step 1.2, the algorithm creates the simplelinks of the transformed network by duplicating the originalnetwork links and setting its length to le = we and itstime to te = − ln(1 − pe). At Step 1.3, the algorithm findsbetween each couple of nodes of the original network anEDSPoP. In this case, 4 EDSPoPs are found: The three sameEDSPoPs mentioned in the previous CT-CQMS Algorihtmexample and an additional EDSPoP between node c and nodet, (πct1 , π

ct2 ) = (< c, t >,< c, b, t >) with a total weight of 12.

Here, we consider node c that does not belong to any shortestpath. As the previous example, we create a disjoint link foreach found EDSPoP setting its time te to be 0 and its lengthle to be the EDSPoP’s total weight. At the end of Stage 1,we obtain the transformed network illustrated in Fig. 7c. Atstage 2, in the transformed network, the algorithm solves theRSP problem with a restriction of − ln(0.99). Accordingly, weobtain the dashed path π =< s, b, t > in Fig. 7c. Finally, atstage 3, the algorithm constructs and outputs the survivableconnection (π1, π2) = (< s, b, t >,< s, a, b, t >).

VI. SIMULATION STUDY

In this section, we demonstrate the advantages of employingtunable survivability over the traditional protection (full sur-vivability) schemes. For concreteness, we consider delay asthe additive QoS metric. Through comprehensive simulations,we compare between the minimum delay of the optimal p-survivable connections, where p ∈ [0.9, 1), and the minimumdelay of the optimal 1-survivable connections, the latter beingobtained through pairs of edge disjoint paths. In particular,we show that, by slightly relaxing the traditional requirementof 100% protection, major improvement in terms of delay isaccomplished.

A. Setup

We generated two classes of random networks, namelyPower-Law [36] topologies and Waxman [37] topologies. ThePower-Law topology has been shown to quite adequately modeltypical network interconnections, particularly, in the contextof the Internet [36]. We demonstrate that our findings extendto other classes of network topologies by experimenting withanother well known class, namely Waxman topologies.

We generated 10000 random networks, each containing 200nodes, in which we identified a source-destination pair, in amanner that shall be explained later. In this section we considerthe CT-CSMQ Problem (Def. 2.7), in which we minimize delayunder a survivability constraint. For each generated networkand survivability level constraint S in the range of [0.9, 1] withintervals of 0.005, we employed the CT-TSMQ Algorithm forthe Power-Law class and for the Waxman class. We then con-sidered only those networks that admit 1-survivable connections(i.e., sustain a pair of edge disjoint paths between source and

12

0.4

0.5

0.6

0.7

0.8

0.9

1

0.9 0.91 0.92 0.93 0.94 0.95 0.96 0.97 0.98 0.99 1

d

e

l

a

y

r

a

t

i

o

survivability level p

1

0.8

0.6

0.4

0.2

0

𝜌 𝐷

𝜔

(a) Power Law simulations for different values of ω

0.4

0.5

0.6

0.7

0.8

0.9

1

0.9

1

0.8

0.7

0.6

0.4

0.2

0

0.4

0.5

0.6

0.7

0.8

0.9

1

0.9 0.91 0.92 0.93 0.94 0.95 0.96 0.97 0.98 0.99 1

d

e

l

a

y

r

a

t

i

o

survivability level p

1

0.8

0.6

0.4

0.2

0

𝜌 𝐷

𝜔

(b) Waxman simulations for different values of ω

Fig. 8: Average Delay Ratio versus Survivability Level

destination). For each such network, we measured the minimumdelay of a p-survivable connection, denoted as D(p), andcomputed the delay ratio, defined as ρD(p) = D(p)

D(1) . Finally, wederived the corresponding average delay ratio ρD(p), computedover all considered network instances (of either the Power-Lawor Waxman class).

In terms of delay, we considered two types of links: “slow”links, whose delay is set to 100 time units, and “fast” links,whose delay is set to an integer randomly (uniformly) dis-tributed in [1, 5] time units. This choice represents typical mixesof links, e.g. satellite links with large propagation delays vs.terrestrial links, or low-bandwidth (hence, large transmissiondelay) links vs. high-bandwidth links. Specifically, a link wasclassified as ”fast” with probability of ω ∈ [0, 1] and as “slow”otherwise, i.e. with probability of 1 − ω. We ran simulationsfor each ω ∈ [0, 1] value in steps of 0.2. The failure probabilityof each link was distributed normally with a mean of 1% anda standard deviation of 0.3%, as done in [17].

We proceed to further specify the generation of the ran-dom topologies. For Power-law topologies, following [36], werandomly assigned a certain number of out-degree credits toeach node, using the power-law distribution β · x−α, wherex is a random number out of the number of network nodes,α = 0.756 and β = 100. We connected the nodes so thatevery node obtained the assigned out-degree. Specifically, werandomly picked pairs of nodes u and v, such that u still hadsome remaining out-degree credits and then assigned a directedlink u→ v between them in case that such a link had not been

assigned yet. Upon assigning such a new link, we decreasedthe out-degree credit of node u. Each simulated Power-lawnetworks consists of 200 nodes and in average 900 links.

We turn to specify the generation of the Waxman topologies,following the lines of [37]. Initially, we located the source andthe destination at the diagonally opposite corners of a squareof unit dimension. Then, we randomly spread 198 nodes overthe square. Finally, for each pair of nodes u, v we introduced alink (u, v) with the following probability, where δ(u, v) is thedistance between the nodes:

p(u, v) = α · exp−δ(u, v)

β ·√

2

considering α = 1.8 and β = 0.05. Each simulated Waxmannetwork consists of 200 nodes and in average 1800 links.

B. Results

The simulation results are illustrated in figure 8. We recallthat the average delay ratio ρD(p) is a normalized metricfor comparing the improvement of p-survivable connectionsover the traditional fully disjoint path approach (i.e., 1-survivable connections). The number of networks that admitted1-survivable connections was in the range of 7000 to 8000 (outof 10, 000), hence the samples were always significant.

The chart depicted in Fig. 8 presents the average delay ratioimprovement as a function of the required level of survivability,for different mixes of “fast” and “slow” links (i.e., valuesof ω), for each of the two classes of network topologies,namely Power Law and Waxman. Overall, we observe that amodest relaxation, of a few percents in the survivability level,is enough to provide significant improvement in terms of delay.Specifically, for Power Law networks (Fig. 8a), alleviating thesurvivability level by about 5% provides an improvement ofabout 20% for the homogeneous case of all-fast links (i.e.,ω = 1), and it grows to about 40%−60% for the heterogeneouscases in the range ω = 0.4 − 0.8. Quite similar results areobserved for Waxman networks (Fig. 8b).

Moreover, in all cases, most of the delay improvement isalready achieved by alleviating the survivability level by about1.5%. We thus conclude that, in a typical setting, where thereis some presence of relatively slower links (e.g., due to largepropagation delays or low bandwidth), a modest alleviation inthe survivability level about doubles the performance in termsof delay.

VII. A NETWORK DESIGN PERSPECTIVE

Suppose that we are provided with a “budget” in order toimprove the total survivability level between a couple of nodesin the network, by way of upgrading the links in terms of theirrobustness to failures. Within this problem setting and the classof CT problems, we proceed to indicate how to exploit theparticular structure of the CT solutions that has been establishedin section III. Theorem 3.1 and its corollaries significantlyreduce the amount of links that affect the optimal solution ofthe CT problems. Specifically, the set of candidate critical links

13

Parameters: G(V,E)- network, s- source, t- destination,L- the in-all-weight-shortest-paths links setVariables: πshort- a weight-shortest path in the originalnetwork, W (πshort) -the weight of a weight-shortestpath in the original network, G(V , E)- excluded linktransformed networkπshort- a weight-shortest path in the transformednetwork, W (πshort) -the weight of a weight-shortestpath in the original transformed network,1) Find a weight-shortest πshort path between s and t in

G(V,E) and its weight is denoted by W (πshort).2) For each e ∈ πshort

a) Set G(V , E) as G(V,E) excluding the link eb) Find a weight-shortest path πshort between s and t

in G(V , E) and its weight is given by W (πshort).c) If W (πshort) > W (πshort) then L = L ∪ {e}.

return L.Fig. 9: In-All-Weight-Shortest-Paths Links (IAWSPL) Algo-rithm

C is limited to a (typically small) subset of E, namely the in-all-weight-shortest-paths links L. This means that only theselinks should be considered as candidates for an upgrade.

A. Discovering the in-all-weight-shortest-paths links

We begin by sketching an algorithmic scheme for findingthe in-all-weight-shortest-paths links set L, denoted as the In-All-Weight-Shortest-Paths Links (IAWSPL) Algorithm, whichis illustrated in Fig. 9.

Given are a network G(V,E) and a pair of nodes s and t.First, our scheme finds a weight-shortest path πshort between sand t and its weight W (πshort) in the original network G(V,E)by employing a well-known shortest path algorithm, such asDijkstra’s [33]. For each link e in that weight-shortest pathπshort, consider G(V , E), which is a replica of the originalnetwork G(V,E) excluding the specified link e. Next, find inthe network G(V , E) a weight-shortest path πshort betweens and t and its weight W (πshort), which is, clearly, greaterthan or equal to W (πshort). If its weight W (πshort) is greaterthan W (πshort), then the excluded link e belongs to the in-all-weight-shortest-paths links set L. Otherwise, i.e., if its weightW (πshort) is equal to W (πshort), then the excluded link e doesnot belong to the set L. This process is repeated for all links ofthe weight-shortest path πshort between s and t of the originalgraph G(V,E).

Next, we analyze the complexity of the IAWSPL Algorithm,denoting the number of links in the weight-shortest path as K.The IAWSPL Algorithm executes an algorithm for finding aweight-shortest path K + 1 times. Dijkstra’s algorithm can beperformed for this purpose and its running time is O(M +N ·log(N)) [33]. Hence, the total time complexity of the IAWSPLAlgorithm is given by O(K · (M +N · log(N))).

B. Optimal Links Upgrade Problem

We proceed to formulate several network design problems,that seek to allocate a given “upgrade budget” among thevarious links of the network, in a way that optimizes the totalsurvivability level between a given pair of nodes. Accordingto Theorem 3.1, we should limit our attention only to thelinks that belong to the in-all-weight-shortest-paths links setL. Consequently, we should execute the IAWSPL Algorithmin order to find L.

Given a network G(V,E), each link e ∈ L is associatedwith a cost ue, referred to as its upgrade level. Accordingly,the upgrade vector is the vector of the upgrade levels ofall links in the set L, i.e. U = (ue|e ∈ L). We considertwo types of upgrade levels. In the first, the upgrade levelconstitutes an additive improvement to the link’s survivabilitylevel, i.e. its success probability. Such an upgrade incurs some(monetary) cost, which is considered to be equal to the upgradelevel and will never exceed pe. In the second, the upgradelevel constitutes a multiplicative improvement to the link’ssurvivability level, up to pe

(1−pe) . We thus define the followingoptimization problems.

Definition 7.1: Optimal Additive Upgrade Problem: Givenare a network G(V,E), a source node s ∈ V , a destination nodet ∈ V , the in-all-weight-shortest-paths links set L between sand t and an upgrade budget B. Each link e ∈ E in the networkis associated with a failure probability value pe ∈ (0, 1). Findan upgrade vector U = (ue|e ∈ L) such that:

max∏e∈L(1− pe + ue)

s.t.∑e∈L ue ≤ B

∀e ∈ L ue ≥ 0∀e ∈ L ue ≤ pe.

Definition 7.2: Optimal Multiplicative Upgrade Problem:Given are a network G(V,E), a source node s ∈ V , adestination node t ∈ V , the in-all-weight-shortest-paths linksset between s and t L and an upgrade budget B. Find anupgrade vector U = (ue|e ∈ L) such that:

max∏e∈L(1 + ue) · (1− pe)

s.t.∑e∈L ue ≤ B

∀e ∈ L ue ≥ 0∀e ∈ L (1 + ue)(1− pe) ≤ 1.

We proceed to establish solutions to the above problems.We first note that the logarithmic operation on the objective

function does not affect the additive optimization problem.Therefore, the Optimal Additive Upgrade Problem can beredefined as the following minimization problem.

min −∑e∈L ln(1− pe + ue)

s.t.∑e∈L ue −B ≤ 0

∀e ∈ L − ue ≤ 0∀e ∈ L ue − pe ≤ 0.

(1)

The above optimization problem is convex. Therefore, theKarush-Kuhn-Tucker (KKT) conditions provide necessary and

14

sufficient conditions for optimality [38]. The KKT conditionscan be described as follows:

∀e ∈ L − 1

(1− pe + ue)+ λ− µe + γe = 0 (2)∑

e∈Lue ≤ B (3)

∀e ∈ L − ue ≤ 0 (4)∀e ∈ L ue − pe ≤ 0 (5)∀e ∈ L λ, µe, γe ≥ 0 (6)

λ(∑e∈L

ue −B) = 0 (7)

∀e ∈ L µeue = 0 (8)∀e ∈ L γe(ue − pe) = 0 (9)

The solution to this problem is

ue(λ) =

pe λ ≤ 11λ − (1− pe) 1 ≤ λ ≤ 1

1−pe0 λ > 1

1−pe

where λ is obtained by:∑e∈L

max(0,min(1

λ− (1− pe), pe)) = B.

The above optimization problem is the well-known Water-Filling problem [38]. Consequently, the optimal solution is torepeatedly split the upgrade budget among the links of the in-all-weight-shortest-paths links set L with the (currently) highestfailure probability, until either the budget is exhausted or all thelinks assume zero failure probability.

2) Multiplicative Optimal Links Upgrade Problem solution:We note that neither the execution of a logarithmic operationon the objective function nor the constant (1 − pe) affect theabove optimization problem. Thus, the objective function canbe substituted by

∑e∈L ln(1+ue) and the design problem can

be redefined as the following minimization problem:

min −∑e∈L ln(1 + ue)

s.t.∑e∈L ue −B ≤ 0

∀e ∈ L − ue ≤ 0∀e ∈ L ue − pe

(1−pe) ≤ 0.

(10)

In order to solve the above minimization problem, weconsider the following Lagrange dual function:

L(x, λ, µ, γ) =∑e∈L− ln(ue + 1) + λ(

∑e∈L ue −B)

+∑e∈L−µeue +

∑e∈L γe(ue −

pe(1−pe) ).

In the above formulation, the objective and the inequalityconstraint functions are convex and affine. Therefore, the fol-lowing Karush-Kuhn-Tucker (KKT) conditions provide neces-

sary and sufficient for optimality [38]:

∀e ∈ L − 1

1 + ue+ λ− µe + γe = 0 (11)

λ(∑e∈L

ue −B) = 0 (12)

∀e ∈ L µeue = 0 (13)

∀e ∈ L γe(ue −pe

(1− pe)) = 0 (14)

∀e ∈ L λ, µe, γe ≥ 0 (15)∀e ∈ L − ue ≤ 0 (16)

∀e ∈ L ue −pe

(1− pe)≤ 0 (17)∑

e∈Lue ≤ B (18)

We proceed to establish the upgrade vector U out of theabove KKT conditions. From the above equations we concludethat the feasible values of λ are in the range of [0, 1] and,consequently, the upgrade level of each link ue as a functionof λ should be:

ue(λ) =

{ pe(1−pe) 0 ≤ λ ≤ (1− pe)1λ − 1 (1− pe) < λ < 1

Consequently, there are three different cases for upgradingthe desirable links. The first one is the case where the upgradebudget B is sufficient for fully supplying (100%) survivability(equation (18) satisfies the strict inequality). Therefore, eachlink will be upgraded by pe

(1−pe) . The second one is the casewhere none of the links are fully upgraded (equation (17)satisfies the strict inequality for all links). Therefore, the budgetB is split equally among the links in L. The last one is thecase where the upgrade budget B is fully utilized but only partof the links are fully upgraded. Therefore, these links will beupgraded by pe

(1−pe) and the remaining budget is split equallyamong the rest of links.

The optimal solution for the Optimal Multiplicative UpgradeProblem 7.2 equally splits the budget B among the in-all-weight-shortest-path links of the network until a link e ∈ Lcannot be improved anymore. The algorithm, illustrated inFig. 10, describes the process of upgrading the various linksaccording to the above scheme.

Next, we analyze the time complexity of Algorithm 10,denoting the number of links in the weight-shortest path asK and the number of links in set L as L. Algorithm 10first executes the IAWSPL Algorithm whose running time isO(K ·(M+N · log(N))). Next, the algorithm splits the budgetamong the members of the set L, incurring a running time ofO(L2). Hence, the total time complexity of Algorithm 10 isO(K · (M +N · log(N)) + L2).

VIII. ON MIN-MAX SURVIVABLE CONNECTIONS

In this section, we proceed to consider the following variantof the survivable connections problem, termed the ConstrainedSurvivability Min-Max-QoS (CSMMQ) Problem, where the

15

Parameters:G(V,E)- networks- sourcet- destinationpe- link failure probabilitieswe- link weightsB- upgrade budget constraintU -upgrade vector

Variables:L- a set of links which can be improvedB - remaining budget

Algorithm:1) Initially, set U = 0 and B = B.2) Find the in-all-weight-shortest-paths links set L

employing IAWSPL Algorithm (Fig. 9).while L is not empty do

Find a link e in L with the minimum failureprobability.if the remaining budget B can be split equally amongL then

foreach e ∈ L doue = B

|L|endreturn

endSet ue = pe

(1−pe) and subtract the value of ue from B

Extract link e from L

end

Fig. 10: Optimal Links Upgrade Algorithm

objective function aims at minimizing the weight of the worst ofthe two paths that compose the survivable connection. We willshow that any solution to the CT-CSMQ optimization problem(Def. 2.7) provides a 2-approximation scheme for the newproblem variant. We proceed to formally define the CSMMQproblem.

Definition 8.1: Constrained Survivability Min-Max-QoS(CSMMQ) Problem: Given are a network G(V,E), a sourcenode s ∈ V , a destination node t ∈ V and a surviv-ability level S ∈ [Smin, 1]. Find a survivable connection(π1, π2) ∈ P (s,t) × P (s,t) from s to t such that:

min W (π2)

s.t. W (π1) ≤W (π2)∏

e∈π1∩π2

(1− pe) ≥ S.

Note that, w.l.o.g., we may assume that π2 is the worst pathin terms of its weight, i.e. W (π1) ≤ W (π2). The CSMMQProblem is NP-hard, since the well-known NP-hard Min-Maxdisjoint paths problem [21] is a special case of the CSMMQProblem by setting S = 1. We proceed to show that anysolution to the CT-CSMQ problem is a 2-approximation forthe CSMMQ Problem.

Theorem 8.1: Given are an optimal solution (π1, π2) for theCT-CSMQ problem such that W (π2) ≥W (π1) and an optimalsolution (π1, π2) for the CSMMQ problem such that W (π2) ≥W (π1). The weight of path π2 is at most 2-times greater thanthe weight of path π2, i.e. W (π2) ≤ 2 ·W (π2).

Proof: Since (π1, π2) is an optimal solution for the CT-CSMQ problem, we have that W (π2) + W (π1) ≤ W (π2) +W (π1). Moreover, by assumption, we have that W (π2) +W (π1) ≤ 2 ·W (π2) and trivially W (π2) ≤ W (π2) + W (π1).Consequently, we have that W (π2) ≤ 2 ·W (π2).

Since the CT-QAMSC Algorithm (Def. 4) constitutes a 1+εapproximation scheme for the CT-CSMQ Problem, it is also a2-approximation scheme for the CSMMQ problem.

IX. CONCLUSIONS

Tunable survivability is a novel quantitative approach, whichcan be tuned to accommodate any desired level (0%-100%)of survivability, while alleviating the full (100%) protection re-quirement of the traditional survivability schemes. In this work,we established efficient algorithmic schemes for optimizing thelevel of survivability while obeying an additive end-to-end QoSconstraint. Additionally, for an important class of problems, wecharacterized a fundamental property, by which the links thataffect the total survivability level of the optimal routing pathsbelong to a typically small subset. This finding gave rise toan efficient design scheme for improving the network end-to-end survivability and, additionally, the complexity of the al-gorithmic scheme. Finally, through comprehensive simulations,we demonstrated the advantage of tunable survivability overtraditional survivability schemes.

We are currently investigating the practical aspects of ourfindings in order to implement tunable survivability schemesin MPLS network architectures, similarly to [23]. Furthermore,we refer the reader to [39] for an extension of the tunablesurvivability approach that handles multiple concurrent connec-tions. Moreover, similarly to [15], [15] and [40], we considerextending our model beyond the traditional single failure andcope with multiple failures.

The deployment of the tunable survivability concept will beconsidered in the context of novel architectures such as thatbeing designed in the FP7 ETICS (Economics and Technologiesfor Inter-Carrier Services) project[41]. In addition, while ourwork has focused on centralized algorithms, the distributedimplementation of our algorithmic schemes is yet anotherimportant issue for future investigation.

While there is still much to be done towards the actual de-ployment of the tunable survivability approach, we believe thatthis study provides evidence to the profitability of implementingthis novel concept, as well as useful insight and building blockstowards the construction of a comprehensive solution.

REFERENCES

[1] “IEEE P802.3ba 40Gb/s and 100Gb/s Ethernet Task Force,” IETF, Jun.2010. [Online]. Available: http://www.ieee802.org/3/ba/

[2] C. R. and Cole, “100-gb/s and beyond transceiver technologies,” OpticalFiber Technology, vol. 17, no. 5, pp. 472 – 479, 2011.

16

[3] “Cisco Introduces Foundation for Next-Generation Internet: The CiscoCRS-3 Carrier Routing System,” Mar. 2010. [Online]. Available:http://newsroom.cisco.com/dlls/2010/prod 030910.html

[4] “ITU-T g.8032: Ethernet ring protection switching,” 2010. [Online].Available: http://www.itu.int/rec/T-REC-G.8032-201003-P/en

[5] N. Sprecher and A. Farrel, “MPLS Transport Profile (MPLS-TP) Surviv-ability Framework,” RFC 6372, Sep. 2011.

[6] A. Askarian, Y. Zhai, S. Subramaniam, Y. Pointurier, and M. Brandt-Pearce, “Protection and restoration from link failures in DWDM net-works: A cross-layer study,” in IEEE ICC, 2008.

[7] E. Rosen, A. Viswanathan, and R. Callon, “Multiprotocol Label SwitchingArchitecture,” RFC 3031, Jan. 2001.

[8] M. Alicherry and R. Bhatia, “Preprovisioning networks to support fastrestoration with minimum over-build,” in IEEE Infocom, 2004.

[9] M. T. Frederick and A. K. Somani, “A single-fault recovery strategy foroptical networks using sub-graph routing,” in IEEE ONDM, 2003.

[10] S. Ramamurthy, L. Sahasrabuddhe, and B. Mukherjee, “Survivable WDMmesh networks,” Journal of Lightwave Technology, vol. 21, no. 4, pp.870–883, 2003.

[11] Y. Bejerano, Y. Breitbart, A. Orda, R. Rastogi, and A. Sprintson, “Al-gorithms for computing QoS paths with restoration,” IEEE/ACM Trans.Netw., vol. 13, no. 3, pp. 648–661, 2005.

[12] R. Banner and A. Orda, “Designing low-capacity backup networks forfast restoration,” in IEEE Infocom, 2010.

[13] J. Tapolcai, B. Wu, and P. Ho, “On monitoring and failure localizationin mesh all-optical networks,” in IEEE Infocom, 2009.

[14] A. Bhattacharya and A. Kumar, “Qos aware and survivable net-work design for planned wireless sensor networks,” arXiv preprintarXiv:1110.4746, 2011.

[15] M. Johnston, H. Lee, and E. Modiano, “A robust optimization approachto backup network design with random failures,” in IEEE Infocom, 2011.

[16] P. Heegaard and K. Trivedi, “Network survivability modeling,” ComputerNetworks, vol. 53, no. 8, pp. 1215–1234, 2009.

[17] R. Banner and A. Orda, “The power of tuning: A novel approach for theefficient design of survivable networks,” IEEE/ACM Trans. Networking,vol. 15, no. 4, pp. 737 –749, aug. 2007.

[18] “Cisco wiki - Quality of Service Networking,” Mar. 2012. [Online].Available: http://docwiki.cisco.com/wiki/Quality of Service Networking

[19] J. Yallouz, O. Rottenstreich, and A. Orda, “Tunable survivable spanningtrees,” in ACM SIGMETRICS, 2014.

[20] D. Xu, Y. Chen, Y. Xiong, C. Qiao, and X. He, “On the complexity ofand algorithms for finding the shortest path with a disjoint counterpart,”IEEE/ACM Transactions on Networking, vol. 14, no. 1, pp. 147–158,2006.

[21] C. Li, S. McCormick, and D. Simchi-Levi, “The complexity of findingtwo disjoint paths with min-max objective function,” Discrete AppliedMathematics, vol. 26, no. 1, pp. 105–115, 1990.

[22] J. W. Suurballe and R. E. Tarjan, “A quick method for finding shortestpairs of disjoint paths,” Networks, vol. 14, no. 2, pp. 325–336, 1984.

[23] A. Sprintson, M. Yannuzzi, A. Orda, and X. Masip-Bruin, “Reliablerouting with QoS guarantees for multi-domain ip/mpls networks,” in IEEEInfocom, 2007.

[24] A. Fumagalli and M. Tacca, “Optimal design of optical ring networkswith differentiated reliability (dir),” in QoS-IP, 2001.

[25] F. Iqbal and F. A. Kuipers, “Disjoint paths in networks,” Wiley Encyclo-pedia of Electrical and Electronics Engineering, 2015.

[26] W. Lai and D. McDysan, “Network Hierarchy and Multilayer Survivabil-ity,” RFC 3386, Nov. 2002.

[27] M. R. Garey and D. S. Johnson, ”Computers and Intractability: A Guideto the Theory of NP-Completeness”. W. H. Freeman & Co., 1979.

[28] B. Hayes, “The easiest hard problem,” American Scientist, vol. 90, no. 2,pp. 113–117, 2002.

[29] E. Lawler, Combinatorial optimization: networks and matroids. DoverPubns, 2001.

[30] H. Joksch, “The shortest route problem with constraints,” Journal ofMathematical analysis and applications, vol. 14, pp. 191–197, 1966.

[31] R. Hassin, “Approximation schemes for the restricted shortest pathproblem,” Mathematics of Operations Research, vol. 17, no. 1, pp. 36–42,1992.

[32] D. H. Lorenz and D. Raz, “A simple efficient approximation schemefor the restricted shortest path problem,” Operations Research Letters,vol. 28, no. 5, pp. 213 – 219, 2001.

[33] M. Fredman and R. Tarjan, “Fibonacci heaps and their uses in improvednetwork optimization algorithms,” J. of the ACM, vol. 34, no. 3, pp. 596–615, 1987.

[34] R. Bhandari, ”Survivable Networks: Algorithms for Diverse Routing”.Springer, 1999.

[35] L. Braunstein, S. Buldyrev, R. Cohen, S. Havlin, and H. Stanley, “Optimalpaths in disordered complex networks,” Physical review letters, vol. 91,no. 16, p. 168701, 2003.

[36] M. Faloutsos, P. Faloutsos, and C. Faloutsos, “On power-law relationshipsof the internet topology,” in ACM SIGCOMM, 1999.

[37] B. Waxman, “Routing of multipoint connections,” IEEE JSAC, vol. 6,no. 9, pp. 1617–1622, 1988.

[38] S. Boyd and L. Vandenberghe, ”Convex Optimization”. CambridgeUniversity Press, 2004.

[39] M. Keslassy and A. Orda, “Establishing multiple survivable connections,”Arxiv, 2016. [Online]. Available: https://arxiv.org/abs/1605.04434

[40] K. Lee, H. Lee, and E. Modiano, “Reliability in layered networks withrandom link failures,” in IEEE Infocom, 2010.

[41] N. Le Sauze, A. Chiosi, R. Douville, H. Pouyllau, H. Lonsethagen,P. Fantini, C. Palas-ciano, A. Cimmino, M. Rodriguez, O. Dugeon et al.,“Etics: Qos-enabled interconnection for future internet services,” FutureNetwork and Mobile Summit, 2010.