
Performance Evaluation for Remote Access VPNs on Windows Server 2003


Presentation Transcript


  1. Performance Evaluation for Remote Access VPNs on Windows Server 2003. By: Ahmed A. Jaha, Fathi Ben Shatwan, Majdi Ashibani

  2. Outline • Paper Objectives • VPN Overview • Experimental Testbeds • Experimental Results • Conclusions and Future Work

  3. Paper Objectives

  4. Paper Objectives • Give an overview of VPN. • Survey popular, widely available remote access VPN solutions. • Experimentally evaluate the performance of these solutions on wired and wireless Windows Server 2003 platforms. • Identify issues with future research potential.

  5. VPN Overview

  6. What is VPN? A VPN can be defined as a way to provide secure communication between members of a group over the public telecommunication infrastructure (usually the Internet), maintaining privacy through the use of a tunneling protocol and security procedures. VPN systems give users the illusion of a completely private network. [Figure: Site 1 and Site 2 of Acme Corp joined by a VPN tunnel across the Internet]

  7. Tunneling • Method of using an internetwork infrastructure to transfer data from one network over another network (encapsulation, transmission, and decapsulation of packets)

  8. Security of VPN • Authentication • Authentication ensures that the data is coming from the source from which it claims to come.

  9. Security of VPN • Authentication • Access Control • Access control concerns accepting or rejecting a particular requester's access to a service or data in a given system. It is therefore necessary to define a set of access rights, privileges, and authorizations, and to assign them to the appropriate people within the domain of the system under analysis.

  10. Security of VPN • Authentication • Access Control • Confidentiality • Confidentiality ensures the privacy of information by preventing unauthorized users from reading data carried on the public network.

  11. Security of VPN • Authentication • Access Control • Confidentiality • Data Integrity • Data integrity verifies that data has not been altered while travelling over the public network.

  12. Benefits of VPN • Cost • VPNs eliminate the fixed monthly charge of dedicated leased lines.

  13. Benefits of VPN • Cost • Scalability • As the enterprise grows, full-mesh connectivity might be required between the different offices. This means that the number of leased lines, and the total cost of deploying them, increases exponentially. • VPNs that utilize the Internet avoid this problem by simply using the infrastructure already available.

  14. Benefits of VPN • Cost • Scalability • Security • Security is not impaired when using a VPN, since transmitted data is either encrypted or, if sent unencrypted, forwarded through trusted networks.

  15. Benefits of VPN • Cost • Scalability • Security • Productivity • In addition to cost savings, a VPN increases profits by improving productivity. • The improved productivity results from the ability to access resources from anywhere at any time.

  16. Architecture of VPN • Remote Access VPN: a user-to-LAN connection used by enterprises whose employees need to connect to the private network from various remote locations (e.g. homes, hotel rooms, airports). [Figure: remote user connected to the enterprise main site over the Internet]

  17. Architecture of VPN • Remote Access VPN • Intranet Site-to-Site VPN: a LAN-to-LAN connection used to connect an enterprise's offices over the Internet. [Figure: enterprise main site connected to an enterprise branch site over the Internet]

  18. Architecture of VPN • Remote Access VPN • Intranet Site-to-Site VPN • Extranet Site-to-Site VPN: a LAN-to-LAN connection that provides business partners, suppliers, and customers access to certain data. [Figure: enterprise main site connected to a supplier site and a partner site over the Internet]

  19. Remote Access VPN Protocols (L2) • Point to Point Tunneling Protocol (PPTP) • Developed by Microsoft and others (RFC 2637). • Extension of the Point to Point Protocol (PPP). • Clients are included in all versions of Windows since Windows 95. • Servers are included in all Windows server products since Windows NT. • Clients and servers are supported on Linux.

  20. Remote Access VPN Protocols (L2) • Point to Point Tunneling Protocol (PPTP) • Layer Two Tunneling Protocol (L2TP) • Developed by the IETF (RFC 2661). • Combines the best features of L2F and PPTP. • Commonly used with IPSec, as L2TP/IPSec. • Clients are included in Windows XP, 2000, and 2003. • Servers are included in Windows Server 2000 and 2003. • Clients and servers are supported on Linux.

  21. Remote Access VPN Protocols (L3) • Point to Point Tunneling Protocol (PPTP) • Layer Two Tunneling Protocol (L2TP) • Internet Protocol Security (IPSec) • Framework developed by the IETF (RFCs 2401-2411 and 2451). • IPSec is supported in Windows XP, 2000, 2003 and Vista, and in Linux 2.6 and later. • Many vendors supply IPSec VPN servers and clients.

  22. Remote Access VPN Protocols (L5) • Point to Point Tunneling Protocol (PPTP) • Layer Two Tunneling Protocol (L2TP) • Internet Protocol Security (IPSec) • Secure Sockets Layer (SSL) • Higher-layer security protocol developed by Netscape. • Used with HTTP to enable secure Web browsing (HTTPS). • Supported by most browsers and servers. • SSL can also be used to create a VPN tunnel (OpenVPN). • OpenVPN is an open-source VPN package for Linux and Windows.

  23. Experimental Testbeds

  24. Performance Metrics • Throughput: the rate at which bulk data transfers can be transmitted from one host to another over a sufficiently long period of time.

  25. Performance Metrics • Throughput • Round Trip Time (RTT): the amount of time it takes one packet to travel from one host to another and back to the originating host.

  26. Performance Metrics • Throughput • Round Trip Time (RTT) • Packet delay variation (Jitter): the variation of packet delay, where the variation in delay actually impacts the quality of service.

  27. Performance Metrics • Throughput • Round Trip Time (RTT) • Packet delay variation (Jitter) • Packet loss: the portion of packets transmitted but not received at the destination, compared to the total number of packets transmitted.

  28. Wired Testbed Setup

  29. Wired Testbed Setup • Desktop PC equipped with a dual 2600 MHz processor, 512 Mbytes of RAM, and a VIA Rhine II Compatible Fast Ethernet Adapter built-in NIC, loaded with Windows Server 2003 and configured to act as the domain controller server.

  30. Wired Testbed Setup • Desktop PC equipped with a dual Genuine Intel 3000 MHz processor, 512 Mbytes of RAM, a Broadcom Extreme Gigabit Ethernet built-in NIC, and a VIA VT6105 Rhine III Compatible Fast Ethernet NIC, loaded with Windows Server 2003 and configured to act as the PPTP, L2TP/IPSec, and SSL VPN servers.

  31. Wired Testbed Setup • Laptop PC equipped with a Genuine Intel 1866 MHz processor, 512 Mbytes of RAM, and a Broadcom 440x 10/100 Integrated Controller built-in NIC, loaded with Windows XP SP2 and configured to act as the PPTP, L2TP/IPSec, and SSL VPN clients.

  32. Wired Testbed Setup • D-Link 10/100 Fast Ethernet switch.

  33. Wireless Testbed Setup • LINKSYS Wireless-G AP with SES, model WAP54G.

  34. Performance measurement tools (Iperf) • An Iperf client and an Iperf server measure throughput, jitter, and losses.

  35. Performance measurement tools (Hrping) • Hrping measures Round Trip Time (RTT).
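The four metrics defined on slides 24 to 27, computed from a constructed UDP packet trace and then expressed relative to a no-VPN run the way the results slides report them (throughput as a percentage, RTT/jitter/loss as multiples). This is an added example, not the authors' measurement code: the packet traces and ping samples are constructed, and jitter is computed with the RFC 3550 smoothed interarrival estimator that iperf reports for UDP tests.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Packet:
    seq: int      # sender sequence number
    sent: float   # send timestamp (s)
    recv: float   # receive timestamp (s)
    size: int     # payload bytes

def udp_metrics(sent_count: int, received: list) -> dict:
    """Throughput (bit/s), interarrival jitter (ms) and loss fraction for one
    UDP run.  Jitter is the RFC 3550 smoothed estimator iperf reports:
    J += (|transit_i - transit_{i-1}| - J) / 16."""
    pkts = sorted(received, key=lambda p: p.seq)
    duration = pkts[-1].recv - pkts[0].recv
    throughput = 8 * sum(p.size for p in pkts) / duration if duration > 0 else 0.0
    jitter, prev = 0.0, None
    for p in pkts:
        transit = p.recv - p.sent
        if prev is not None:
            jitter += (abs(transit - prev) - jitter) / 16
        prev = transit
    return {"throughput_bps": throughput,
            "jitter_ms": jitter * 1000,
            "loss": (sent_count - len(pkts)) / sent_count}

def relative_to_baseline(vpn, novpn, vpn_rtt_ms, novpn_rtt_ms) -> dict:
    """Report as the results slides do: throughput in % of no VPN,
    RTT (mean of ping samples), jitter and loss as multiples of no VPN."""
    return {"throughput_pct": 100 * vpn["throughput_bps"] / novpn["throughput_bps"],
            "rtt_x": mean(vpn_rtt_ms) / mean(novpn_rtt_ms),
            "jitter_x": vpn["jitter_ms"] / novpn["jitter_ms"],
            "loss_x": vpn["loss"] / novpn["loss"]}

def make_trace(n, lost, transit_fn, interval=0.001, size=1000) -> list:
    """Constructed trace: n datagrams sent every `interval` s; seqs in `lost` never arrive."""
    return [Packet(i, i * interval, i * interval + transit_fn(i), size)
            for i in range(n) if i not in lost]

# Constructed runs: the baseline alternates 0.5/0.6 ms transit and drops one
# datagram; the "VPN" run adds tunnel overhead (1.0/1.4 ms) and drops three.
NOVPN = make_trace(10, {5}, lambda i: 0.0005 + (0.0001 if i % 2 else 0.0))
VPN = make_trace(10, {2, 5, 8}, lambda i: 0.001 + (0.0004 if i % 2 else 0.0))
NOVPN_RTT_MS = [1.0, 1.1, 0.9, 1.0]   # constructed hrping-style samples
VPN_RTT_MS = [2.0, 2.2, 1.8, 2.0]

if __name__ == "__main__":
    b, v = udp_metrics(10, NOVPN), udp_metrics(10, VPN)
    for name, value in relative_to_baseline(v, b, VPN_RTT_MS, NOVPN_RTT_MS).items():
        print(f"{name:15s} {value:8.2f}")
```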

  36. Experimental Results

  37. TCP throughput

  38. TCP throughput

  39. Round Trip Time (RTT)

  40. UDP Throughput

  41. Jitter

  42. Packet Loss

  43. Wired Testbeds Results (all values relative to the no-VPN run)

      Metric                                 Wired PPTP   Wired L2TP/IPSec   Wired OpenVPN
      TCP throughput (% of no VPN)           82.37 %      55.23 %            52.59 %
      Round Trip Time (multiple of no VPN)   1.98         2.52               2.86
      UDP throughput (% of no VPN)           6.65 %       68.12 %            51.04 %
      Jitter (multiple of no VPN)            2.53         4.34               377.18
      Packet loss (multiple of no VPN)       5.27         24.55              3.49

  44. Wired Testbeds Results • Because PPTP introduces the smallest packet overhead, PPTP on both Windows Server 2003 and Fedora Core 6 produced the best performance values for both TCP- and UDP-based user applications.

  45. Wired Testbeds Results • To provide strong security, L2TP/IPSec combines the L2TP tunnel with the IPSec secure channel, which increases the packet overhead. L2TP/IPSec on both Windows Server 2003 and Fedora Core 6 therefore produced good performance values for both TCP- and UDP-based user applications.

  46. Wired Testbeds Results • Because OpenVPN is written as a user-space daemon rather than a kernel module, OpenVPN on both Windows Server 2003 and Fedora Core 6 produced lower performance values in high-traffic environments.

  47. Wireless Testbeds Results (all values relative to the no-VPN run)

      Metric                                 PPTP      L2TP/IPSec   OpenVPN
      TCP throughput (% of no VPN)           83.33 %   68.38 %      53.85 %
      Round Trip Time (multiple of no VPN)   1.33      1.50         1.60
      UDP throughput (% of no VPN)           8.44 %    65.68 %      59.98 %
      Jitter (multiple of no VPN)            1.64      2.20         44.76
      Packet loss (multiple of no VPN)       1.51      5.02         1.43

  48. Conclusions and Future Work

  49. Conclusions • Testbeds were built to evaluate the performance of remote access VPN solutions (PPTP, L2TP/IPSec, and OpenVPN) on wired and wireless Windows Server 2003 platforms. • Performance metrics (throughput, RTT, jitter, and packet loss) were measured in both TCP and UDP mode. These metrics were chosen because they have a direct impact on the performance perceived by end-user applications. • The wireless testbed results indicate that deploying VPNs on a wireless network infrastructure can be considered an acceptable choice for securing transmission between wireless clients and their enterprise network.

  50. Future Work • The performance of software-based VPN solutions on platforms other than Windows Server 2003 (such as Linux, BSD, Mac, and Solaris) can be evaluated to select the best platform on which to implement software-based VPN solutions. • The performance of hardware-based VPN solutions using different hardware VPN products (such as 3Com, ADTRAN, Cisco, and Juniper) should be investigated as well. • OpenVPN needs to be tuned to improve its performance in high-traffic environments.
