Virtual Private Networks: An Overview with Performance Evaluation
Shashank Khanvilkar and Ashfaq Khokhar, University of Illinois at Chicago
Presented by: Abe Murray
CS577: Advanced Computer Networks
Outline
• Abstract / Intro
• VPN Basics
• VPN Software Architecture
• VPN Characterization
  – Network Performance
  – Features and Functionality
  – Operational Concerns
• Experiments
• Results
  – Network Performance
  – Features and Functionality
  – Operational Concerns
• Closing
Abstract
• Virtual Private Network (VPN)
  – Have become popular
  – Multitude of proprietary and open-source solutions
  – Authors compared a number of open-source Linux-based VPN solutions (OSLVs)
• UDP tunnels have 50% less overhead, 80% greater bandwidth utilization, and 40-60% less latency
VPN Basics
• A VPN is a TCP/IP stack modification
  – Adds a VPN daemon, and a Virtual Network Interface (VNI)
  – Control plane (TCP):
    • Peer authentication
    • Session keys
    • IP mapping to subnetworks
  – Data plane (TCP or UDP):
    • Serial pipeline with encryption
    • Authentication, compression
VPN Software Architecture
1. VPN packet arrives at eth1, routed to VNI
2. VPN packet arrives at VNI, handed to VPN daemon
3. VPN packet is compressed/encrypted, then handed to transport layer
Subsequently, handled and routed like any other packet, with the exception that its contents are encrypted with the session key
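The data-plane step described above (compress, encrypt and authenticate with the session key, then hand to the transport layer), as an added Go example that is not from the paper or the presentation. AES-GCM and DEFLATE are assumed stand-ins for whatever cipher, MAC and compressor a given OSLV uses, and `NewAEAD`, `Seal` and `Open` are hypothetical names.

```go
package main
import (
	"bytes"
	"compress/flate"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

func NewAEAD(key []byte) (cipher.AEAD, error) { // session key: 16, 24 or 32 bytes
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal compresses, then encrypts and authenticates: nonce||ciphertext||tag.
func Seal(a cipher.AEAD, inner []byte) ([]byte, error) {
	var z bytes.Buffer
	w, _ := flate.NewWriter(&z, flate.BestSpeed) // errs only on a bad level
	w.Write(inner)                               // bytes.Buffer writes cannot fail
	w.Close()
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err // never send with a predictable nonce
	}
	return a.Seal(nonce, nonce, z.Bytes(), nil), nil
}

// Open verifies the tag first, so forged data never reaches the inflater.
func Open(a cipher.AEAD, outer []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(outer) < n+a.Overhead() {
		return nil, fmt.Errorf("short packet: %d bytes", len(outer))
	}
	z, err := a.Open(nil, outer[:n], outer[n:], nil)
	if err != nil {
		return nil, err
	}
	return io.ReadAll(flate.NewReader(bytes.NewReader(z)))
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero key, demo only
	out, _ := Seal(a, bytes.Repeat([]byte("GET / HTTP/1.1\r\n"), 50))
	fmt.Println("inner 800 bytes, outer", len(out))
}
```

Each sealed packet carries a fixed 28 bytes of nonce and tag that compression cannot remove. Because compression runs before encryption, ciphertext length varies with plaintext content, which is why tunnel compression is often disabled where an attacker can influence the traffic.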
VPN Characterization: Network Performance
• Overhead
  – 75% header/trailers, compressible
  – 25% encryption, padding, not compressible
• Bandwidth Utilization
  – Overhead reduces goodput
  – Latency makes default TCP window insufficient
  – TCP stacking results in degradation
• Latency/Jitter
  – Longer packet data path
  – Additional processing due to encryption
  – Additional data copies due to user-space VPN
VPN Characterization: Features and Functionality
• Code Modularity
  – Flexibility of OSLV regarding plugins
    • Cryptos
    • Routing
    • Security updates
• Routing
  – Required for transport among VPN participants, must be shared among VPN participants.
  – Manual? Automated?
VPN Characterization: Operational Concerns
• Security (relative, subjective)
  – Proprietary? (security through obscurity)
  – Open Standard Protocol? (published)
  – Open Non-Standard Protocol? (published but obscure)
• Scalability
  – Memory utilization per VPN tunnel
  – Processor utilization per VPN tunnel
  – Configuration and management (order of magnitude)
Experiments
• All links 100 Mbps
• Test Tools:
  – ethereal – overhead
  – iperf – bandwidth and jitter
  – ping – latency
[Figure: experimental testbed. Labels: Private Net 1 and Private Net 2, each with a private network PC running the network experiments; a RedHat 9 server (P4 2 GHz, 512 MB RAM); a RedHat 8 workstation (PII 400 MHz, 128 MB RAM); a VPN tunnel (assorted OSLV types).]
Results: Network Performance
Results: Features and Functionality
Results: Operational Concerns - Security
Results: Operational Concerns - Scalability
Conclusions
• Tunnel over UDP!
• Where did they present the memory/CPU utilization results?
• OSLVs are present and useable