Virtual Private Networks: An Overview with Performance Evaluation
Shashank Khanvilkar and Ashfaq Khokhar, University of Illinois at Chicago
Presented by: Abe Murray
CS577: Advanced Computer Networks
Outline
• Abstract / Intro
• VPN Basics
• VPN Software Architecture
• VPN Characterization
  • Network Performance
  • Features and Functionality
  • Operational Concerns
• Experiments
• Results
  • Network Performance
  • Features and Functionality
  • Operational Concerns
• Closing
Abstract
• Virtual Private Networks (VPNs) have become popular
• Multitude of proprietary and open-source solutions
• Authors compared a number of open-source Linux-based VPN solutions (OSLVs)
• UDP tunnels have 50% less overhead, 80% greater bandwidth utilization, and 40-60% less latency
VPN Basics
• A VPN is a TCP/IP stack modification
• Adds a VPN daemon and a Virtual Network Interface (VNI)
• Control plane (TCP):
  • Peer authentication
  • Session keys
  • IP mapping to subnetworks
• Data plane (TCP or UDP):
  • Serial pipeline: encryption, authentication, compression
VPN Software Architecture
• VPN packet arrives at eth1, is routed to the VNI
• VPN packet arrives at the VNI, is handed to the VPN daemon
• VPN packet is compressed/encrypted, then handed to the transport layer
Subsequently it is handled and routed like any other packet, with the exception that its contents are encrypted with the session key.
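The serial data-plane pipeline of the previous two slides (compress, then encrypt, then authenticate, and the reverse order on receipt) as an added Python illustration; it is not code from the paper or from any of the OSLVs it compares. The cipher is a keystream derived from HMAC-SHA256 used as a PRF in counter mode, chosen only because the standard library ships no AES; the 8-byte nonce, 16-byte truncated tag and 3-byte inner header are assumed layout choices, and the sample packets are constructed.

```python
"""Toy user-space VPN data path: compress -> encrypt -> authenticate.

Added illustration, not code from the paper or any OSLV. The cipher is a
keystream built from HMAC-SHA256 as a PRF (counter mode), used only because
the standard library has no AES; the structure (serial pipeline,
encrypt-then-MAC, MAC verified before anything else) is the point.
"""
import hashlib
import hmac
import os
import struct
import zlib

MAC_LEN = 16                    # truncated HMAC-SHA256 tag (assumed size)
NONCE_LEN = 8                   # per-packet nonce (assumed size)
HEADER = struct.Struct("!BH")   # flags (bit0 = compressed), original length


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """PRF counter mode: block_i = HMAC(key, nonce || i), truncated to n bytes."""
    out = bytearray()
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
    return bytes(out[:n])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encapsulate(enc_key: bytes, mac_key: bytes, packet: bytes, nonce: bytes = None) -> bytes:
    """Run the serial pipeline on one inner packet; return the tunnel payload.

    Layout: nonce || ciphertext(header || body) || tag.
    Compression is applied only when it actually shrinks the packet, so
    incompressible data (already-encrypted traffic) does not grow.
    """
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    body = zlib.compress(packet)
    flags = 1
    if len(body) >= len(packet):
        body, flags = packet, 0
    plain = HEADER.pack(flags, len(packet)) + body
    ct = _xor(plain, _keystream(enc_key, nonce, len(plain)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:MAC_LEN]
    return nonce + ct + tag


def decapsulate(enc_key: bytes, mac_key: bytes, payload: bytes):
    """Reverse pipeline: verify the MAC first, then decrypt, then decompress.

    Returns None when the packet is malformed or the tag does not verify,
    i.e. the packet is dropped as a VPN daemon would drop it.
    """
    if len(payload) < NONCE_LEN + HEADER.size + MAC_LEN:
        return None
    nonce = payload[:NONCE_LEN]
    ct = payload[NONCE_LEN:-MAC_LEN]
    tag = payload[-MAC_LEN:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:MAC_LEN]
    if not hmac.compare_digest(tag, expect):
        return None
    plain = _xor(ct, _keystream(enc_key, nonce, len(ct)))
    flags, orig_len = HEADER.unpack(plain[:HEADER.size])
    body = plain[HEADER.size:]
    packet = zlib.decompress(body) if flags & 1 else body
    return packet if len(packet) == orig_len else None


def tunnel_overhead(enc_key: bytes, mac_key: bytes, packet: bytes) -> int:
    """Bytes the pipeline adds to one packet (negative when compression wins)."""
    return len(encapsulate(enc_key, mac_key, packet)) - len(packet)


if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)
    pkt = b"\x45\x00" + b"A" * 998       # constructed: compressible 1000-byte "IP packet"
    enc = encapsulate(ek, mk, pkt)
    assert decapsulate(ek, mk, enc) == pkt
    print("compressible packet overhead:", len(enc) - len(pkt), "bytes")
    print("incompressible packet overhead:", tunnel_overhead(ek, mk, os.urandom(1000)), "bytes")
```

Running the block shows the two regimes the paper's overhead figures average over: for an incompressible packet the fixed cost is exactly nonce + header + tag, while for a compressible one the compressor pays for the crypto overhead and more.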
VPN Characterization: Network Performance
• Overhead
  • 75% headers/trailers, compressible
  • 25% encryption, padding, not compressible
• Bandwidth utilization
  • Overhead reduces goodput
  • Latency makes the default TCP window insufficient
  • TCP stacking (TCP carried over a TCP tunnel) results in degradation
• Latency/jitter
  • Longer packet data path
  • Additional processing due to encryption
  • Additional data copies due to user-space VPN
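An added Python model of the two bandwidth effects on this slide, overhead eating into goodput and the TCP window capping throughput at window/RTT; it is not the paper's measurement code. The header sizes are the standard ones (Ethernet 14, IPv4 20, UDP 8, TCP 20); the encryption profile (8-byte IV, padding to a 16-byte block, 16-byte MAC) and the layer-3 tunnel mode are assumptions, so the absolute numbers are illustrative rather than the paper's measured 75/25 split.

```python
"""Per-packet overhead and goodput model for a tunnelled link.

Added illustration, not the paper's measurement code. Header sizes are the
usual ones (Ethernet 14, IPv4 20, UDP 8, TCP 20); the encryption layer is an
assumed profile with an 8-byte IV, padding to a 16-byte block and a 16-byte MAC.
"""
import math

ETH, IPV4, UDP, TCP = 14, 20, 8, 20
TRANSPORT = {"udp": UDP, "tcp": TCP}


def _pad_to_block(n: int, block: int) -> int:
    return math.ceil(n / block) * block


def overhead_breakdown(payload: int, transport: str, iv: int = 8, block: int = 16, mac: int = 16):
    """Extra bytes on the wire for one inner TCP segment carrying `payload` bytes.

    Returns (encapsulation_header_bytes, crypto_bytes): the first part is the
    outer IP + UDP/TCP header (the compressible share in the paper's split),
    the second is the IV, block padding and MAC that no compressor can shrink.
    """
    inner = IPV4 + TCP + payload                 # tun mode: inner packet is layer 3
    padded = _pad_to_block(inner, block)
    headers = IPV4 + TRANSPORT[transport]
    crypto = iv + (padded - inner) + mac
    return headers, crypto


def wire_bytes(payload: int, transport: str, **kw) -> int:
    """Total Ethernet frame size carrying the encapsulated inner segment."""
    headers, crypto = overhead_breakdown(payload, transport, **kw)
    return ETH + IPV4 + TCP + payload + headers + crypto


def goodput_fraction(payload: int, transport: str, **kw) -> float:
    """Application bytes per byte on the wire."""
    return payload / wire_bytes(payload, transport, **kw)


def window_limited_bps(window_bytes: int, rtt_s: float, link_bps: float) -> float:
    """A TCP sender cannot exceed window / RTT however fast the link is."""
    return min(link_bps, window_bytes * 8 / rtt_s)


if __name__ == "__main__":
    for p in (64, 512, 1000, 1400):
        for t in ("udp", "tcp"):
            h, c = overhead_breakdown(p, t)
            print(f"{t} payload={p:5d} headers={h:3d} crypto={c:3d} "
                  f"goodput={goodput_fraction(p, t):.3f}")
    # Default 64 KiB window on the 100 Mbps testbed: fine at LAN latency,
    # but a 10 ms RTT already caps a single flow at about half the link.
    for rtt in (0.001, 0.010):
        print(f"rtt={rtt*1000:.0f} ms ->",
              window_limited_bps(65535, rtt, 100e6) / 1e6, "Mbit/s")
```

The UDP/TCP difference in the model is only the 12-byte header gap per packet; the larger measured gap in the paper comes from the TCP stacking effect, which a static byte count cannot capture.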
VPN Characterization: Features and Functionality
• Code modularity
  • Flexibility of the OSLV regarding plugins: cryptos, routing, security updates
• Routing
  • Required for transport among VPN participants; routes must be shared among VPN participants
  • Manual? Automated?
VPN Characterization: Operational Concerns
• Security (relative, subjective)
  • Proprietary? (security through obscurity)
  • Open standard protocol? (published)
  • Open non-standard protocol? (published but obscure)
• Scalability
  • Memory utilization per VPN tunnel
  • Processor utilization per VPN tunnel
  • Configuration and management (order of magnitude)
Experiments
• Testbed: Private Net 1 <-> VPN tunnel (assorted OSLV types) <-> Private Net 2
  • RedHat 9 Server: P4 2 GHz, 512 MB RAM
  • RedHat 8 Workstation: PII 400 MHz, 128 MB RAM
• All links 100 Mbps
• Test tools:
  • ethereal - overhead
  • iperf - bandwidth and jitter
  • ping - latency
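An added Python example of reducing the output of two of the listed tools into the figures compared in the results slides (mean latency and packet loss from ping, bandwidth, jitter and loss from an iperf UDP report); it is not the authors' scripts. The ping and iperf lines below are constructed samples in the tools' usual output format, not captures from the paper's testbed, and the jitter estimator is the RFC 1889 smoothed form that iperf documents for its UDP jitter column.

```python
"""Reduce ping and iperf output to latency, jitter, bandwidth and loss.

Added illustration, not the paper's own scripts. SAMPLE_PING and SAMPLE_IPERF
are constructed lines in the tools' usual formats, not captured data.
"""
import re
from statistics import mean

# Constructed sample output (not from the paper's testbed).
SAMPLE_PING = """PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.400 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.500 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.450 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.650 ms
"""
SAMPLE_IPERF = """[ ID] Interval       Transfer     Bandwidth       Jitter   Lost/Total Datagrams
[  3]  0.0-10.0 sec  11.9 MBytes  9.98 Mbits/sec  0.213 ms    2/8497 (0.024%)
"""

PING_RE = re.compile(r"icmp_seq=(\d+) .*?time=([\d.]+) ms")
IPERF_UDP_RE = re.compile(r"([\d.]+) Mbits/sec\s+([\d.]+) ms\s+(\d+)/\s*(\d+)")


def ping_rtts(text: str) -> list:
    """Round-trip times (ms) of every echo reply in the ping transcript."""
    return [float(m.group(2)) for m in PING_RE.finditer(text)]


def mean_latency(text: str) -> float:
    return mean(ping_rtts(text))


def ping_loss_fraction(text: str) -> float:
    """Loss inferred from gaps in icmp_seq (replies missing before the last one seen)."""
    seqs = [int(m.group(1)) for m in PING_RE.finditer(text)]
    if not seqs:
        return 1.0
    return 1.0 - len(set(seqs)) / max(seqs)


def rfc1889_jitter(samples: list) -> float:
    """Smoothed inter-arrival jitter J += (|D| - J) / 16, as iperf reports for UDP."""
    j = 0.0
    for prev, cur in zip(samples, samples[1:]):
        j += (abs(cur - prev) - j) / 16.0
    return j


def parse_iperf_udp(text: str):
    """Bandwidth, jitter and datagram loss from an iperf UDP server report line."""
    m = IPERF_UDP_RE.search(text)
    if not m:
        return None
    mbps, jitter, lost, total = m.groups()
    return {"mbps": float(mbps), "jitter_ms": float(jitter),
            "lost": int(lost), "total": int(total),
            "loss": int(lost) / int(total)}


def summarize(ping_text: str, iperf_text: str) -> dict:
    """One row of a comparison table for a single tunnel configuration."""
    rtts = ping_rtts(ping_text)
    row = {"latency_ms": mean(rtts), "ping_jitter_ms": rfc1889_jitter(rtts),
           "ping_loss": ping_loss_fraction(ping_text)}
    row.update(parse_iperf_udp(iperf_text) or {})
    return row


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_PING, SAMPLE_IPERF).items():
        print(f"{k:15s} {v}")
```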
Results: Network Performance
Results: Features and Functionality
Results: Operational Concerns - Security
Results: Operational Concerns - Scalability
Conclusions
• Tunnel over UDP!
• Where did they present the memory/CPU utilization results?
• OSLVs are present and usable