Virtual Private Networks: An Overview with Performance Evaluation Shashank Khanvilkar and Ashfaq Khokhar, University of Illinois at Chicago Presented by:

Presentation transcript:

Virtual Private Networks: An Overview with Performance Evaluation Shashank Khanvilkar and Ashfaq Khokhar, University of Illinois at Chicago Presented by: Abe Murray CS577: Advanced Computer Networks

Outline
Abstract / Intro
VPN Basics
VPN Software Architecture
VPN Characterization
–Network Performance
–Features and Functionality
–Operational Concerns
Experiments
Results
–Network Performance
–Features and Functionality
–Operational Concerns
Closing

Abstract
Virtual Private Network (VPN)
–Have become popular
–Multitude of Proprietary, and Open-Source solutions
–Authors compared a number of open-source Linux-based VPN solutions (OSLVs)
UDP tunnels have 50% less overhead, 80% greater bandwidth utilization, and 40-60% less latency

VPN Basics
A VPN is a TCP/IP stack modification
–Adds a VPN daemon, and a Virtual Network Interface (VNI)
–Control plane (TCP):
  –Peer authentication
  –Session keys
  –IP mapping to subnetworks
–Data plane (TCP or UDP):
  –Serial pipeline with encryption
  –Authentication, compression

VPN Software Architecture
1. VPN packet arrives at eth1, routed to VNI
2. VPN packet arrives at VNI, handed to VPN daemon
3. VPN packet is compressed/encrypted, then handed to transport layer
Subsequently, handled and routed like any other packet, with the exception that its contents are encrypted with the session key
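The data-plane step described above (the daemon takes a packet from the VNI, compresses, encrypts and authenticates it, then hands it to the transport layer), as an added example that is not from the slides or the paper. The 4-byte sequence header, the field sizes and the SHA-256 counter-mode keystream standing in for a real cipher are assumptions made so the sketch runs with the Python standard library only.

```python
import hashlib, hmac, os, struct, zlib

BLOCK, MAC_LEN, HDR_LEN = 16, 32, 4   # assumed sizes, not from the slides

def _keystream(key, iv, n):
    # Stand-in cipher (SHA-256 in counter mode) so the example runs with the
    # standard library only; a real daemon uses a vetted cipher such as AES.
    blocks = (hashlib.sha256(key + iv + struct.pack(">I", i)).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, iv):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, iv, len(data))))

def seal(inner, enc_key, mac_key, seq):
    """Send path: compress -> pad -> encrypt -> authenticate."""
    body = zlib.compress(inner)
    pad = BLOCK - len(body) % BLOCK          # block-cipher style padding
    body += bytes([pad]) * pad
    iv = os.urandom(BLOCK)                   # fresh IV per packet
    header = struct.pack(">I", seq)          # hypothetical VPN header
    ct = _xor(body, enc_key, iv)
    tag = hmac.new(mac_key, header + iv + ct, hashlib.sha256).digest()
    return header + iv + ct + tag            # handed to the UDP/TCP socket

def unseal(datagram, enc_key, mac_key):
    """Receive path: authenticate first, then decrypt and decompress."""
    if len(datagram) < HDR_LEN + 2 * BLOCK + MAC_LEN:
        raise ValueError("datagram too short")
    signed, tag = datagram[:-MAC_LEN], datagram[-MAC_LEN:]
    expected = hmac.new(mac_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        raise ValueError("authentication failed")
    header, iv = signed[:HDR_LEN], signed[HDR_LEN:HDR_LEN + BLOCK]
    body = _xor(signed[HDR_LEN + BLOCK:], enc_key, iv)
    pad = body[-1]
    if len(body) % BLOCK or not 1 <= pad <= BLOCK:
        raise ValueError("bad padding")
    return struct.unpack(">I", header)[0], zlib.decompress(body[:-pad])

def overhead(inner, enc_key, mac_key):
    """Bytes added (or saved, if negative) before outer IP/UDP/TCP headers."""
    return len(seal(inner, enc_key, mac_key, 0)) - len(inner)

if __name__ == "__main__":
    k_enc, k_mac = b"E" * 32, b"M" * 32      # constructed demo keys
    text = b"GET /index.html HTTP/1.0\r\n" * 12   # constructed, compressible
    print("text-like packet:", overhead(text, k_enc, k_mac), "bytes")
    print("random packet:   ", overhead(os.urandom(len(text)), k_enc, k_mac), "bytes")
```

The IV, padding and MAC tag are added after compression, so they are the part of the per-packet cost that compression cannot recover.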

VPN Characterization: Network Performance
Overhead
–75% header/trailers, compressible
–25% encryption, padding, not compressible
Bandwidth Utilization
–Overhead reduces goodput
–Latency makes default TCP window insufficient
–TCP stacking results in degradation
Latency/Jitter
–Longer packet data path
–Additional processing due to encryption
–Additional data copies due to user-space VPN

VPN Characterization: Features and Functionality
Code Modularity
–Flexibility of OSLV regarding plugins
  –Cryptos
  –Routing
  –Security updates
Routing
–Required for transport among VPN participants, must be shared among VPN participants.
–Manual? Automated?

VPN Characterization: Operational Concerns
Security (relative, subjective)
–Proprietary? (security through obscurity)
–Open Standard Protocol? (published)
–Open Non-Standard Protocol? (published but obscure)
Scalability
–Memory utilization per VPN tunnel
–Processor utilization per VPN tunnel
–Configuration and management (order of magnitude)

Experiments
All links 100 Mbps
Test Tools:
–ethereal – overhead
–iperf – bandwidth and jitter
–ping – latency
[Figure: experimental testbed. Labels: Private Net 1, Private Net 2, VPN Tunnel (assorted OSLV types), RedHat 9 Server (P4 2 GHz, 512 MB RAM), RedHat 8 Workstation (PII 400 MHz, 128 MB RAM), Private Network PC, Network Experiments.]

Results: Network Performance

Results: Features and Functionality

Results: Operational Concerns - Security

Results: Operational Concerns - Scalability

Conclusions
–Tunnel over UDP!
–Where did they present the memory/CPU utilization results?
–OSLVs are present and useable