Virtual Private Networks: An Overview with Performance Evaluation - PowerPoint PPT Presentation

Loading...

PPT – Virtual Private Networks: An Overview with Performance Evaluation PowerPoint presentation | free to download - id: 7238e4-YzA0Y



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Virtual Private Networks: An Overview with Performance Evaluation

Description:

... Features and Functionality Code Modularity Flexibility of OSLV regarding plugins Cryptos Routing ... research to Mesh ... Hop Wireless Network ... – PowerPoint PPT presentation

Number of Views:78
Avg rating:3.0/5.0
Slides: 15
Provided by: JnGr
Learn more at: http://www.wpi.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Virtual Private Networks: An Overview with Performance Evaluation


1
Virtual Private Networks An Overview with
Performance Evaluation
  • Shashank Khanvilkar and Ashfaq Khokhar,
    University of Illinois at Chicago

Presented by Abe Murray
CS577 Advanced Computer Networks
2
Outline
  • Abstract / Intro
  • VPN Basics
  • VPN Software Architecture
  • VPN Characterization
  • Network Performance
  • Features and Functionality
  • Operational Concerns
  • Experiments
  • Results
  • Network Performance
  • Features and Functionality
  • Operational Concerns
  • Closing

CS577 Advanced Computer Networks
3
Abstract
  • Virtual Private Network (VPN)
  • Have become popular
  • Multitude of Proprietary, and Open-Source
    solutions
  • Authors compared a number of open-source
    linux-based VPN solutions (OSLVs)
  • UDP tunnels have 50 less overhead, 80 greater
    bandwidth utilization, and 40-60 less latency

CS577 Advanced Computer Networks
4
VPN Basics
  • A VPN is a TCP/IP stack modification
  • Adds a VPN daemon, and a Virtual Network
    Interface (VNI)
  • Control plane (TCP)
  • Peer authentication
  • Session keys
  • IP mapping to subnetworks
  • Data plane (TCP or UDP)
  • Serial pipeline with encryption
  • Authentication, compression

CS577 Advanced Computer Networks
5
VPN Software Architecture
  • VPN packet arrives at eth1, routed to VNI
  • VPN packet arrives at VNI, handed to VPN daemon
  • VPN packet is compressed/encrypted, then handed
    to transport layer
  • Subsequently, handled and routed like any other
    packet, with the exception that its contents are
    encrypted with the session key

CS577 Advanced Computer Networks
6
VPN Characterization Network Performance
  • Overhead
  • 75 header/trailers, compressible
  • 25 encryption, padding, not compressible
  • Bandwidth Utilization
  • Overhead reduces goodput
  • Latency makes default TCP window insufficient
  • TCP stacking results in degradation
  • Latency/Jitter
  • Longer packet data path
  • Additional processing due to encryption
  • Additional data copies due to user-space VPN

CS577 Advanced Computer Networks
7
VPN Characterization Features and Functionality
  • Code Modularity
  • Flexibility of OSLV regarding plugins
  • Cryptos
  • Routing
  • Security updates
  • Routing
  • Required for transport among VPN participants,
    must be shared among VPN participants.
  • Manual? Automated?

CS577 Advanced Computer Networks
8
VPN Characterization Operational Concerns
  • Security (relative, subjective)
  • Proprietary? (security through obscurity)
  • Open Standard Protocol? (published)
  • Open Non-Standard Protocol? (published but
    obscure)
  • Scalability
  • Memory utilization per VPN tunnel
  • Processor utilization per VPN tunnel
  • Configuration and management (order of
    magnitude)

CS577 Advanced Computer Networks
9
Experiments
VPN Tunnel Assorted OSLV types
RedHat 9 Server P4 2 GHz 512 MB RAM
RedHat 8 Workstation PII 400 MHz 128 MB RAM
Private Network PC Network Experiments
Private Network PC Network Experiments
  • All links 100 Mbps
  • Test Tools
  • ethereal - overhead
  • iperf bandwidth and jitter
  • ping latency

CS577 Advanced Computer Networks
10
Results Network Performance
CS577 Advanced Computer Networks
11
Results Features and Functionality
CS577 Advanced Computer Networks
12
Results Operational Concerns - Security
CS577 Advanced Computer Networks
13
Results Operational Concerns - Scalability
CS577 Advanced Computer Networks
14
Conclusions
  • Tunnel over UDP!
  • Where did they present the memory/CPU utilization
    results?
  • OSLVs are present and useable

CS577 Advanced Computer Networks
About PowerShow.com