VPN over Satellite: A comparison of approachesLearn MPS Technology on mps-technology.net. VPN over Satellite: A comparison of approaches article will help answer your questions on MPS Technology.We at mps-technology.net specialize in MPS Technology. MPS Technology at mps-technology.net provides the most up to date news and articles. If you have questions please do not hesitate to contact us.
As awareness of VSAT Systems satellite Internet access (www.vsat-systems.com) becomes more wide spread, demand for secure connections from remote locations to corporate local area networks continues to increase. The high latency inherent in geo-synchronous satellite connections has presented a significant obstacle to efficient virtual private network (VPN) connections over satellite. The Problem In order for a two-way satellite service to perform properly in conjunction with traditional terrestrial networks (Internet, Intranet), satellite data networks must employ special techniques to deal with the extra 44,600-mile space segment of the connection. When the spoofing equipment receives Internet traffic destined for a remote satellite location, it immediately acknowledges receipt of the packet to the sender so more data packets will follow promptly. To determine the effect of latency on performance and to measure the effectiveness of an alternative VPN device, engineers at VSAT Systems transferred a variety of data files over a high-quality satellite link under controlled conditions and measured the results. Test Procedure The test compared transfer rates over a Cisco 1711 IPsec VPN and an Encore VSR-30 Selective Layer Encryption (SLE) appliance to each other and to the speed of file transfers over the open Internet (unencrypted). For convenience, the FTP a Article: As observance of VSAT Systems satellite Internet attainability (www.vsat-systems.com) becomes more wide spread, demand for secure connections from remote locations to corporate local area networks continues to increase. The high latency inherent in geo-synchronous satellite connections has presented a significant obstacle to efficient virtual private network (VPN) connections over satellite. Various solutions to anticipating IP traffic over satellite have been proposed, but each one has had some limitation that prevented it from agreeable widely adopted. Recently Encore Networks released their VSR-30 3DES VPN device, which offers the most popular features of IPSEC appliances, but leaves the IP header unencrypted. This feature makes the VSR-30 hypnotic for satellite-based VPN applications for visible headers take account of VSAT Systems to optimize throughput. The Problem In order for a two-way satellite service to perform properly in conjunction with traditional terrestrial networks (Internet, Intranet), satellite data networks must employ special techniques to deal with the extra 44,600-mile space segment of the connection. Without those steps, the increased latency, the time required to traverse the extra distance, means that TCP severely limits performance. The Internet relies on the Transmission Control Protocol (TCP) to ensure packet delivery without errors. TCP works by sending a exceptional space of data, the “window size,” then waiting for the receiver to send an acknowledgment of receipt. With TCP, the sender cannot transmit more data until it has received an acknowledgment. If an acknowledgment does not make in a timely manner, TCP assumes the packet was lost (discarded due to network congestion) and resends it. When packets go unacknowledged, TCP also slows the transmission rate to reduce congestion and to minimize the need for retransmissions. TCP/IP sessions start out sending data slowly. Speed builds as the rate of the acknowledgments verifies the network’s jam-packed to engage more traffic. This is known as slow-start, followed by a ramp-up in speed. The speed of the connection builds until the sender detects packet loss from a lack of an acknowledgment. This allows TCP to fulfil the fastest practical data transfer rate for the conditions present on the network. Terrestrial networks typically have round-trip latencies in the range of 35 to 100 ms. Satellite networks, due to the distance of geo-synchronous satellites besides the equator, require 550 ms or more. Some satellite connections have much higher latencies. Depending upon the satellite hardware and subscription policy of the service provider, latencies of 800 ms to as much at 2,000 ms or more can occur. TCP interprets the fresh satellite transit time as network congestion. If uncorrected, this effect causes the network to send all collateral packets at the slow-start rate. Current satellite data networks employ a technique referred to as TCP enhancement or IP spoofing to abrogate for the extra time required to transit the space segment. Special equipment at the carrier’s main satellite hub appears to terminate the TCP session, so it appears to the sender as the remote location. In sooth the device at the satellite hub acts as a relay or forwarder mid the originating terrestrial location and the remote satellite unit. When the spoofing equipment receives Internet traffic destined for a remote satellite location, it immediately acknowledges receipt of the packet to the sender so more data packets will follow promptly. This way the sender never experiences the routine latency to the remote site in that acknowledgments return rapidly. As a result, TCP moves out of slow-start mode quickly and builds to the highest practical speed. To prevent packets from present certified twice, the spoofing equipment suppresses acknowledgments from the remote site. In this way, computers checked a satellite link chew the rag seamlessly and efficiently with servers on the terrestrial Internet. IPsec VPNs not only encrypt the data portion of packets, they also encrypt the TCP port number and IP seat of the sender’s computer. (Think of TCP port as the penthouse number while the IP comportment is that of the building.) Consequently, only the VPN software at the remote site can decipher where packets originated and account for receipt of data. Popular IPsec VPNs, therefore, defeat TCP enhancement over satellite links seeing as how ground stations cannot chime in with the fields in the header when those fields are encrypted. This situation requires that acknowledgments transit the space segment twice (over and back) and results in substantial performance degradation. The impact on performance increases as the latency rises. To determine the effect of latency on performance and to measure the effectiveness of an metonymy VPN device, engineers at VSAT Systems transferred a variety of data files over a high-quality satellite link under controlled conditions and measured the results. Test Procedure The test compared transfer rates over a Cisco 1711 IPsec VPN and an Encore VSR-30 Selective Layer Encryption (SLE) silverware to each other and to the speed of file transfers over the open Internet (unencrypted). The data moved from remote to server, then from server to remote using FTP. Transfer rates were measured in kilobits per second (Kbps). The test utilized six different files to measure data transfers rates: 500 kilobyte, 5 megabyte, and 10 megabyte files in both compressible (text) and non-compressible (binary)forms. Both the Cisco and Encore equipment used 3DES encryption. However, the Encore unit’s SLE encrypted only the data, leaving the IP and TCP headers accessible. With the headers accessible, the encrypted packets are nice with all types of satellite modems and all methods of TCP acceleration. The test transferred files needle two similarly configured Free BSD computers containing three identical network cards. With three rubber in each system, the computers could multi-home and physically separate data. The resulting three data paths facilitated the near simultaneous testing of the two VPN circuits and the unencrypted, abroad connection. The remote connection utilized VSAT Systems NetModem II (www.vsat-systems.com/satellite-internet/hardware.html) commissioned for 512 Kbps/512 Kbps service to the Internet. The host side had a spun yarn modem connection running at 3 Mbps/384 Kbps. The 384 Kbps outbound connection limited the finesse to test the full 512 Kbps download know-how of the satellite modem, but it did provide up to results to set off against relative speeds of encrypted and unencrypted data nearing from the host. The latency of the VSAT Systems satellite link (www.vsat-systems.com) used in these tests ranged from generally speaking 550 ms to 625 ms. Some satellite connections (www.skycasters.com) have much higher latencies. Depending upon the satellite hardware and subscription policy of the service provider, latencies of 800 ms to as much at 2,000 ms have been observed. The performance of any shared bandwidth system varies throughout the day. To minimize bandwidth effects on results, five iterations of each test ran at different times. To further reduce the influence of bandwidth fluctuations, the testing sequence progressed through all six files, once in each direction, by choice repeating the transfer of any one file. For example, the 500 K text file ran through the SLE tunnel, then the IPsec circuit, and finally in the clear. Next a 500 K ambidextrous file passed through each circuit, and so on. Each interleaved sequence of transfers repeated five times. An efficient VPN solution must do more than simply transfer files proficiently. The time to establish a TCP/IP session can significantly impact how applications run fronting a high-latency connection. To gain an indication of the rate at which the connections could establish TCP/IP sessions, the test procedure transferred a directory file and a group of web pages back and forth. The time required to establish a TCP/IP session can have a noticeable impact on the performance of some web-enabled applications. Since each file included in a web page requires the browser to start a new HTTP connection to the server, a page with multiple graphics, framed text, or media in external files will promote a delay as multiple connections open and close. Similar ins and outs occur in FTP connections as a dependent traverses the server’s file structure if that development involves multiple files. To illustrate TCP/IP session initiation efficiency, the test protocol included two ancillary procedures. First, each server transferred a directory containing files of different sizes and composition over and back criss-cross the connections using FTP. Second, the servers moved a series of web pages to and from the remote site using HTTP. Since both FTP and HTTP must establish a new connection for each file, this procedure provided a method to pace start/restart timing issues confederated with VPN tunnels extended against satellite links. For convenience, the FTP and HTTP tests measured the total time required to transfer the respective data from one side to another, not the time to reestablish each individual connection. Results The 3DES Selective Layer Encryption technology proved consistently faster than IPsec encryption in all three categories: FTP file transfer, FTP directory transfer, and HTTP web page downloads. This is as expected as long as SLE leaves the TCP/IP headers in the make it which allows the satellite operator to perform IP spoofing or TCP acceleration. In half of the FTP file transfers, Selective Layer Encryption accomplished fact higher data transfer rates than the unencrypted circuit. Data moved 20% slower over the IPsec connection than it did over the unencrypted frequency band when moving from host to remote and 38% slower going from the remote to the host. Both the graph on page 3 entitled FTP to Remote Site and the one chosen labeled FTP from Remote Site present the mean values for five iterations of each file type. Selective Layer Encryption also performed well in the TCP/IP intensive tests involving directories and web pages. When downloading the directory information to the remote site, SLE performed only 7% slower than the unencrypted connection compared with 25% for the slower IPsec protocol. In the opposite direction, the SLE connection completed the task only 3% belatedly the unencrypted connection while the IPsec saucer ran 14% slower. In the web page test, SLE completed the task 0.5% faster than the unencrypted bout when moving data from the host to the remote site. Reversing direction reduced the SLE performance relative to the unleavened channel: SLE took 6% longer. The IPsec connection pulled down the web pages 5% slower than the unencrypted outing going from host to remote and 66% slower when run from the remote site. As mentioned earlier, satellite latency varies with equipment and service quality. Longer latencies, while sore all the results, will have a more severe impact on the IPsec connection than either of the other two protocols in this test. Conclusions Any encryption technique over any connection imposes some performance loss. Performance also suffers as a function of increased latency. Some of the geo-synchronous satellite services untended today, however, have sufficiently low latencies (550 to 625 ms) that even an IPsec VPN becomes practical. But as the results of these tests demonstrably indicate, IPsec encryption significantly reduces the performance of TCP/IP over a high latency connection. The Encore VSR-30 with Selective Layer Encryption technology combines with VSAT Systems high-end satellite equipment (www.vsat-systems.com) offers an efficient method to bring through fast, secure 3DES encryption when using a satellite link to ford the public Internet.
|
Advice Home Business Technology Online Advertising Motivational Internet Marketing SEO Help Online Games Science Articles Happiness More Articles:1. Microsoft Patents Everything! Summary: Perhaps the people who wrote Pine would have something to say about 'prior art'? 'Network interface sharing methods and apparatuses that support kernel mode data traffic and user mode data traffic ' is hard to say and even harder to understand. Article: Those troll-like techs at Microsoft are up to their old tricks again. They've continued their policy of patenting EVERYTHING. This patent, for instance, covers 'Licensing the use of software to a particular user'. This means that Micro… 2. Blu Ray Discs The New DVDs Summary: Blu ray disk drives will also be able to write to CD or DVD.The additional capacity on the blu ray disk is created by usig blue laserers and improved lense technology enabling the creation of smaller + higher density pits on the disk. Article: Blu-ray disk is a disk which is self-consistent with current CD+DVD technology. It is the same format but offers greater data capacity, and it's development is currently supported by leading hardware manufactures such as dell and HP as well as awa… 3. Microsoft Passport? Good or Bad for the Internet? Summary: In fact, most people simplycreate all of their usernames as their own first and last name (perhaps witha number to make it unique) and use very simple, and easily guessed,passwords.Microsoft has now come along and proposed a solution to this situation.Well, proposed is not the right word - Microsoft is implementing a solution.It's actually a key component of their .NET strategy.What they are doing is creating a 'passport', called 'Microsoft passport',which is more or less intended to be… 4. WiFi Technical Specifications Summary:Short for 'Wireless Fidelity', WiFi is a networking standard, which allows for wireless internet access and data downloading. WiFi transfers data over extremely high-frequency radio signals, and is only available when within range of a hotspot. Article:Short for 'Wireless Fidelity', WiFi is a networking standard, which allows for wireless internet pass and data downloading. WiFi transfers data over extremely high-frequency radio signals, and is only deserted when within range of a hotspo… |
||||
