With the growth of the Internet, demand for Virtual Private Network (VPN) services is increasing day by day. As enterprises expand, information transferred within an enterprise or between enterprises is no longer confined to managed, high-security networks but also travels over shared network infrastructure. In this situation, VPN services play an important role in securely delivering highly confidential data to its destination. Today, the population of VPN service users can be divided into three levels: service provider administrators, who own the service provider backbone (core network); local device managers, whose networks connect directly to the service provider backbone; and end users, who use the network services. Service provider administrators provide interconnectivity among the separate local networks, while local device managers provide network connectivity for end users.

This thesis proposes a two-level VPN service provisioning system comprising two types of provisioning system: the Provider Edge Manager (PER), deployed in the service provider backbone, and the Customer Edge Manager (CAR), deployed in the local network. PER provisions MultiProtocol Label Switching (MPLS) VPN services to local device managers, and CAR deploys Customer Premises Edge-based (CPE-based) VPN services for end users. Through the exchange of information and VPN status between PER and CAR, local device managers can deploy CPE-based VPN services on top of the MPLS VPN services provided by service provider administrators, achieving the goal of providing VPN services to end users.