Published by Myron Lawrence. Modified over 9 years ago.
1
Virtual Private Networks: An Overview with Performance Evaluation
Shashank Khanvilkar and Ashfaq Khokhar, University of Illinois at Chicago
Presented by: Abe Murray
CS577: Advanced Computer Networks
2
Outline
Abstract / Intro
VPN Basics
VPN Software Architecture
VPN Characterization
  –Network Performance
  –Features and Functionality
  –Operational Concerns
Experiments
Results
  –Network Performance
  –Features and Functionality
  –Operational Concerns
Closing
3
Abstract
Virtual Private Network (VPN)
  –Have become popular
  –Multitude of proprietary and open-source solutions
  –Authors compared a number of open-source Linux-based VPN solutions (OSLVs)
UDP tunnels have 50% less overhead, 80% greater bandwidth utilization, and 40-60% less latency
4
VPN Basics
A VPN is a TCP/IP stack modification
  –Adds a VPN daemon and a Virtual Network Interface (VNI)
  –Control plane (TCP):
      Peer authentication
      Session keys
      IP mapping to subnetworks
  –Data plane (TCP or UDP):
      Serial pipeline with encryption
      Authentication, compression
5
VPN Software Architecture
1. VPN packet arrives at eth1, routed to VNI
2. VPN packet arrives at VNI, handed to VPN daemon
3. VPN packet is compressed/encrypted, then handed to transport layer
Subsequently, handled and routed like any other packet, with the exception that its contents are encrypted with the session key
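The data-plane step above (compress, encrypt, authenticate, then hand to the transport layer) as an added Python sketch that is not from the slides or the paper. The names `seal`, `unseal` and `encrypt_then_compress_len`, the keys and the sample packet are assumptions, and the SHA-256 counter keystream is a standard-library stand-in for a real cipher.

```python
import hashlib
import hmac
import os
import struct
import zlib

NONCE_LEN, TAG_LEN = 16, 32  # per-packet nonce, HMAC-SHA256 tag


def _stream_xor(key, nonce, data):
    # Stand-in cipher (assumption): SHA-256 counter keystream, standard library
    # only. A real VPN daemon would use a vetted cipher or AEAD instead.
    blocks = (hashlib.sha256(key + nonce + struct.pack(">Q", i)).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(enc_key, mac_key, inner_packet):
    """Outbound: compress, encrypt, authenticate; result is the tunnel payload."""
    nonce = os.urandom(NONCE_LEN)
    ct = _stream_xor(enc_key, nonce, zlib.compress(inner_packet))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key, mac_key, payload):
    """Inbound: verify the tag before decrypting or decompressing anything."""
    if len(payload) < NONCE_LEN + TAG_LEN:
        raise ValueError("payload too short")
    nonce, ct, tag = payload[:NONCE_LEN], payload[NONCE_LEN:-TAG_LEN], payload[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return zlib.decompress(_stream_xor(enc_key, nonce, ct))


def encrypt_then_compress_len(enc_key, inner_packet):
    """Wrong order: ciphertext looks random, so compressing it gains nothing."""
    ct = _stream_xor(enc_key, os.urandom(NONCE_LEN), inner_packet)
    return len(zlib.compress(ct))


# Constructed sample: a 1400-byte, highly compressible inner packet.
ENC_KEY, MAC_KEY = os.urandom(32), os.urandom(32)
INNER = b"GET /index.html HTTP/1.1\r\n" * 50 + b"x" * 100

if __name__ == "__main__":
    wire = seal(ENC_KEY, MAC_KEY, INNER)
    print(len(INNER), "->", len(wire), "bytes;",
          "wrong order:", encrypt_then_compress_len(ENC_KEY, INNER))
```

Compressing before encrypting makes the ciphertext length depend on the plaintext content, so tunnels that carry attacker-influenced plaintext are exposed to compression-oracle attacks; that trade-off sits alongside the overhead savings.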
6
VPN Characterization: Network Performance
Overhead
  –75% header/trailers, compressible
  –25% encryption, padding, not compressible
Bandwidth Utilization
  –Overhead reduces goodput
  –Latency makes default TCP window insufficient
  –TCP stacking results in degradation
Latency/Jitter
  –Longer packet data path
  –Additional processing due to encryption
  –Additional data copies due to user-space VPN
7
VPN Characterization: Features and Functionality
Code Modularity
  –Flexibility of OSLV regarding plugins
      Cryptos
      Routing
      Security updates
Routing
  –Required for transport among VPN participants, must be shared among VPN participants.
  –Manual? Automated?
8
VPN Characterization: Operational Concerns
Security (relative, subjective)
  –Proprietary? (security through obscurity)
  –Open Standard Protocol? (published)
  –Open Non-Standard Protocol? (published but obscure)
Scalability
  –Memory utilization per VPN tunnel
  –Processor utilization per VPN tunnel
  –Configuration and management (order of magnitude)
9
Experiments
All links 100 Mbps
Test Tools:
  –ethereal – overhead
  –iperf – bandwidth and jitter
  –ping – latency
[Figure: test topology. Labels: Private Net 1, Private Net 2, VPN Tunnel (assorted OSLV types), Private Network, PC, Network Experiments; hosts: RedHat 9 Server (P4 2 GHz, 512 MB RAM) and RedHat 8 Workstation (PII 400 MHz, 128 MB RAM).]
10
Results: Network Performance
11
Results: Features and Functionality
12
Results: Operational Concerns - Security
13
Results: Operational Concerns - Scalability
14
Conclusions
Tunnel over UDP!
Where did they present the memory/CPU utilization results?
OSLVs are present and useable