
Virtual Private Networks: An Overview with Performance Evaluation

Virtual Private Networks: An Overview with Performance Evaluation. Shashank Khanvilkar and Ashfaq Khokhar, University of Illinois at Chicago. Presented by: Abe Murray. CS577: Advanced Computer Networks. Outline. Abstract / Intro VPN Basics VPN Software Architecture VPN Characterization


Presentation Transcript


  1. Virtual Private Networks: An Overview with Performance Evaluation
     Shashank Khanvilkar and Ashfaq Khokhar, University of Illinois at Chicago
     Presented by: Abe Murray
     CS577: Advanced Computer Networks

  2. Outline
     • Abstract / Intro
     • VPN Basics
     • VPN Software Architecture
     • VPN Characterization
        • Network Performance
        • Features and Functionality
        • Operational Concerns
     • Experiments
     • Results
        • Network Performance
        • Features and Functionality
        • Operational Concerns
     • Closing

  3. Abstract
     • Virtual Private Network (VPN)
        • Have become popular
        • Multitude of proprietary and open-source solutions
     • Authors compared a number of open-source Linux-based VPN solutions (OSLVs)
     • UDP tunnels have 50% less overhead, 80% greater bandwidth utilization, and 40-60% less latency

  4. VPN Basics
     • A VPN is a TCP/IP stack modification
     • Adds a VPN daemon and a Virtual Network Interface (VNI)
     • Control plane (TCP):
        • Peer authentication
        • Session keys
        • IP mapping to subnetworks
     • Data plane (TCP or UDP):
        • Serial pipeline with encryption
        • Authentication, compression

  5. VPN Software Architecture
     • VPN packet arrives at eth1, routed to VNI
     • VPN packet arrives at VNI, handed to VPN daemon
     • VPN packet is compressed/encrypted, then handed to transport layer
     • Subsequently, handled and routed like any other packet, with the exception that its contents are encrypted with the session key

  6. VPN Characterization: Network Performance
     • Overhead
        • 75% header/trailers, compressible
        • 25% encryption, padding, not compressible
     • Bandwidth Utilization
        • Overhead reduces goodput
        • Latency makes default TCP window insufficient
        • TCP stacking results in degradation
     • Latency/Jitter
        • Longer packet data path
        • Additional processing due to encryption
        • Additional data copies due to user-space VPN

  7. VPN Characterization: Features and Functionality
     • Code Modularity
        • Flexibility of OSLV regarding plugins
           • Cryptos
           • Routing
           • Security updates
     • Routing
        • Required for transport among VPN participants, must be shared among VPN participants
        • Manual? Automated?

  8. VPN Characterization: Operational Concerns
     • Security (relative, subjective)
        • Proprietary? (security through obscurity)
        • Open Standard Protocol? (published)
        • Open Non-Standard Protocol? (published but obscure)
     • Scalability
        • Memory utilization per VPN tunnel
        • Processor utilization per VPN tunnel
        • Configuration and management (order of magnitude)

  9. Experiments
     • All links 100 Mbps
     • Test Tools:
        • ethereal - overhead
        • iperf - bandwidth and jitter
        • ping - latency
     [Figure: test-bed diagram. Labels: Private Net 1, Private Net 2, VPN Tunnel (assorted OSLV types), RedHat 9 Server (P4 2 GHz, 512 MB RAM), RedHat 8 Workstation (PII 400 MHz, 128 MB RAM), Private Network PC, Network Experiments]

  10. Results: Network Performance

  11. Results: Features and Functionality

  12. Results: Operational Concerns - Security

  13. Results: Operational Concerns - Scalability

  14. Conclusions
     • Tunnel over UDP!
     • Where did they present the memory/CPU utilization results?
     • OSLVs are present and usable
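
The data-plane pipeline from slides 4 to 6 (compress, encrypt, authenticate, then hand the result to UDP or TCP), written out as an added example that is not from the paper or the presentation. It shows why compression has to come before encryption and how much each outer transport header adds. The keystream cipher is a standard-library stand-in; the keys, the 8-byte sequence number, the frame layout and the sample packet are assumptions constructed here.

```python
import hashlib
import hmac
import struct
import zlib

OUTER = {"udp": 20 + 8, "tcp": 20 + 20}  # outer IPv4 header + UDP or TCP header, no options
ENC_KEY = bytes(range(32))               # constructed session keys, fixed so runs are repeatable
MAC_KEY = bytes(range(32, 64))

def keystream_xor(key, nonce, data):
    """Stand-in cipher: SHA-256 in counter mode, stdlib only. Not for real traffic."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">Q", off)).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(inner, seq):
    """Sender: compress, encrypt, then authenticate (assumed layout: seq | body | tag)."""
    nonce = struct.pack(">Q", seq)
    body = keystream_xor(ENC_KEY, nonce, zlib.compress(inner))
    tag = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_frame(frame):
    """Receiver: verify the tag before decrypting or decompressing anything."""
    nonce, body, tag = frame[:8], frame[8:-32], frame[-32:]
    expected = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return zlib.decompress(keystream_xor(ENC_KEY, nonce, body))

def encrypt_then_compress_len(inner, seq):
    """Wrong order, for comparison: ciphertext looks random, so zlib cannot shrink it."""
    return len(zlib.compress(keystream_xor(ENC_KEY, struct.pack(">Q", seq), inner)))

def wire_size(frame, transport):
    """Bytes on the wire once the outer IP and transport headers are added."""
    return OUTER[transport] + len(frame)

# Constructed inner packet: a repetitive, compressible payload.
INNER = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n" * 20

if __name__ == "__main__":
    frame = seal(INNER, seq=1)
    print("inner bytes:", len(INNER))
    print("compress-then-encrypt body:", len(frame) - 40)
    print("encrypt-then-compress body:", encrypt_then_compress_len(INNER, 1))
    for transport in ("udp", "tcp"):
        print(transport, "bytes on the wire:", wire_size(frame, transport))
```

The 8-byte sequence number and 32-byte tag are the kind of per-packet cost slide 6 counts as not compressible; the outer headers differ by 12 bytes between the UDP and TCP cases.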
