VPN over Satellite: A comparison of approaches
As awareness of VSAT Systems satellite Internet access (www.vsat-systems.com) becomes more widespread, demand for secure connections from remote locations to corporate local area networks continues to increase. The high latency inherent in geo-synchronous satellite connections has presented a significant obstacle to efficient virtual private network (VPN) connections over satellite. Various solutions for handling IP traffic over satellite have been proposed, but each one has had some limitation that prevented it from being widely adopted.
Recently Encore Networks released their VSR-30 3DES VPN device, which offers the most popular features of IPsec appliances, but leaves the IP header unencrypted. This feature makes the VSR-30 attractive for satellite-based VPN applications because visible headers allow VSAT Systems to optimize throughput.

The Problem

In order for a two-way satellite service to perform properly in conjunction with traditional terrestrial networks (Internet, Intranet), satellite data networks must employ special techniques to deal with the extra 44,600-mile space segment of the connection. Without those steps, the increased latency, the time required to traverse the extra distance, means that TCP severely limits performance.

The Internet relies on the Transmission Control Protocol (TCP) to ensure packet delivery without errors. TCP works by sending a specific amount of data, the “window size,” then waiting for the receiver to send an acknowledgment of receipt. With TCP, the sender cannot transmit more data until it has received an acknowledgment. If an acknowledgment does not arrive in a timely manner, TCP assumes the packet was lost (discarded due to network congestion) and resends it. When packets go unacknowledged, TCP also slows the transmission rate to reduce congestion and to minimize the need for retransmissions.

TCP/IP sessions start out sending data slowly. Speed builds as the rate of the acknowledgments verifies the network’s capacity to carry more traffic. This is known as slow-start, followed by a ramp-up in speed. The speed of the connection builds until the sender detects packet loss from a lack of an acknowledgment. This allows TCP to achieve the fastest practical data transfer rate for the conditions present on the network.

Terrestrial networks typically have round-trip latencies in the range of 35 to 100 ms. Satellite networks, due to the distance of geo-synchronous satellites above the equator, require 550 ms or more.
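The effect of round-trip time on slow start can be put in numbers with a simplified model. This is an added example, not part of the original article or its test data. The 50 ms and 600 ms round-trip times fall in the ranges quoted above; the 2,000 ms case, the 1460-byte segment size, the two-segment initial window, the 65,535-byte receive window and all function names are assumptions.

```python
"""Simplified TCP slow-start model (added illustration, not a TCP implementation)."""

MSS = 1460          # assumed segment size in bytes
RWND = 65535        # assumed receive window (no window scaling)
LINK_BPS = 512_000  # the 512 Kbps service rate quoted in the article


def window_limited_bps(rtt_s, rwnd=RWND):
    """Ceiling on throughput when at most one window is sent per round trip."""
    return rwnd * 8 / rtt_s


def transfer_seconds(size_bytes, rtt_s, link_bps=LINK_BPS):
    """Time to move size_bytes when each burst waits for its acknowledgment."""
    cwnd = 2 * MSS                  # assumed initial congestion window
    sent, elapsed = 0, 0.0
    while sent < size_bytes:
        burst = min(cwnd, RWND, size_bytes - sent)
        # The next burst is released by the ACK (one RTT later) or when the
        # link has finished serializing this burst, whichever is slower.
        elapsed += max(rtt_s, burst * 8 / link_bps)
        sent += burst
        cwnd = min(cwnd * 2, RWND)  # slow start: double per acknowledged round
    return elapsed


def compare(size_bytes=500_000):
    """Round-trip time seen by the sender -> seconds for one file transfer."""
    cases = {
        "terrestrial RTT, 50 ms": 0.050,
        "satellite RTT, 600 ms": 0.600,
        "satellite RTT, 2,000 ms (assumed)": 2.000,
    }
    return {name: round(transfer_seconds(size_bytes, rtt), 2)
            for name, rtt in cases.items()}


if __name__ == "__main__":
    for name, secs in compare().items():
        print(f"{name:36s} {secs:6.2f} s")
    print("64 KB window ceiling at 2 s RTT:", window_limited_bps(2.0), "bps")
```

In this model a 64 KB window still fills a 512 Kbps link at 600 ms once the ramp-up is over, but at 2,000 ms the window ceiling (about 262 Kbps) drops below the link rate and every round costs a full round trip.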
Some satellite connections have much higher latencies. Depending upon the satellite hardware and subscription policy of the service provider, latencies of 800 ms to as much as 2,000 ms or more can occur. TCP interprets the extra satellite transit time as network congestion. If uncorrected, this effect causes the network to send all subsequent packets at the slow-start rate.

Current satellite data networks employ a technique referred to as TCP enhancement or IP spoofing to compensate for the extra time required to transit the space segment. Special equipment at the carrier’s main satellite hub appears to terminate the TCP session, so it appears to the sender as the remote location. In reality, the device at the satellite hub acts as a relay or forwarder between the originating terrestrial location and the remote satellite unit.

When the spoofing equipment receives Internet traffic destined for a remote satellite location, it immediately acknowledges receipt of the packet to the sender so more data packets will follow promptly. This way the sender never experiences the actual latency to the remote site because acknowledgments return rapidly. As a result, TCP moves out of slow-start mode quickly and builds to the highest practical speed. To prevent packets from being acknowledged twice, the spoofing equipment suppresses acknowledgments from the remote site. In this way, computers behind a satellite link communicate seamlessly and efficiently with servers on the terrestrial Internet.

IPsec VPNs not only encrypt the data portion of packets, they also encrypt the TCP port number and IP address of the sender’s computer. (Think of the TCP port as the apartment number while the IP address is that of the building.) Consequently, only the VPN software at the remote site can decipher where packets originated and acknowledge receipt of data.
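What the hub equipment can and cannot read is visible in the packet layout itself. The following is an added example, not code from the original article or from either vendor: it builds three constructed packets and parses them as a device without keys would. The addresses, ports and function names are assumptions, the "headers in clear" packet is modeled as an ordinary TCP segment with an opaque payload (the actual SLE wire format is not described on this page), and no real encryption is performed.

```python
import socket
import struct

TCP, ESP = 6, 50  # IANA IP protocol numbers


def ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (checksum left at 0; constructed sample only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def tcp(sport, dport, seq, ack, data):
    """Minimal 20-byte TCP header (PSH+ACK, checksum 0) followed by data."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       5 << 4, 0x18, 65535, 0, 0) + data


def hub_view(packet):
    """Fields a device on the path can read without any keys."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    view = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]), "can_spoof_ack": False}
    if proto == TCP:
        sport, dport, seq, ack = struct.unpack("!HHII", body[:12])
        view.update(sport=sport, dport=dport, seq=seq, ack=ack,
                    can_spoof_ack=True)
    elif proto == ESP:
        # Only the SPI and the ESP sequence number precede the ciphertext.
        spi, esp_seq = struct.unpack("!II", body[:8])
        view.update(spi=spi, esp_seq=esp_seq)
    return view


# Constructed samples. 0xA5 bytes stand in for 3DES ciphertext.
OPAQUE = bytes([0xA5]) * 16
CLEAR = ipv4(TCP, "10.1.1.5", "192.0.2.10",
             tcp(40000, 21, 1000, 2000, b"RETR test.bin\r\n"))
# Headers-in-clear case: same TCP/IP headers, opaque payload (format assumed).
HEADERS_CLEAR = ipv4(TCP, "10.1.1.5", "192.0.2.10",
                     tcp(40000, 21, 1000, 2000, OPAQUE))
# ESP tunnel case: gateways as outer addresses, inner packet fully opaque.
ESP_TUNNEL = ipv4(ESP, "198.51.100.1", "203.0.113.1",
                  struct.pack("!II", 0x1001, 1) + bytes([0xA5]) * len(CLEAR))

if __name__ == "__main__":
    for name, pkt in [("clear", CLEAR), ("headers clear", HEADERS_CLEAR),
                      ("ESP tunnel", ESP_TUNNEL)]:
        print(f"{name:14s}", hub_view(pkt))
```

For the ESP packet the parser recovers only the gateway addresses, the SPI and the ESP sequence number, so there is no TCP sequence or acknowledgment number for the hub to answer on the sender's behalf.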
Popular IPsec VPNs, therefore, defeat TCP enhancement over satellite links because ground stations cannot read the fields in the header when those fields are encrypted. This situation requires that acknowledgments transit the space segment twice (over and back) and results in substantial performance degradation. The impact on performance increases as the latency rises.

To determine the effect of latency on performance and to measure the effectiveness of an alternative VPN device, engineers at VSAT Systems transferred a variety of data files over a high-quality satellite link under controlled conditions and measured the results.

Test Procedure

The test compared transfer rates over a Cisco 1711 IPsec VPN and an Encore VSR-30 Selective Layer Encryption (SLE) appliance to each other and to the speed of file transfers over the open Internet (unencrypted). The data moved from remote to server, then from server to remote using FTP. Transfer rates were measured in kilobits per second (Kbps).

The test utilized six different files to measure data transfer rates: 500 kilobyte, 5 megabyte, and 10 megabyte files in both compressible (text) and non-compressible (binary) forms.

Both the Cisco and Encore equipment used 3DES encryption. However, the Encore unit’s SLE encrypted only the data, leaving the IP and TCP headers accessible. With the headers accessible, the encrypted packets are compatible with all types of satellite modems and all methods of TCP acceleration.

The test transferred files between two similarly configured FreeBSD computers containing three identical network cards. With three cards in each system, the computers could multi-home and physically separate data. The resulting three data paths facilitated the near simultaneous testing of the two VPN circuits and the unencrypted, open connection.
The remote connection utilized VSAT Systems NetModem II (www.vsat-systems.com/satellite-internet/hardware.html) commissioned for 512 Kbps/512 Kbps service to the Internet. The host side had a cable modem connection running at 3 Mbps/384 Kbps. The 384 Kbps outbound connection limited the ability to test the full 512 Kbps download capability of the satellite modem, but it did provide adequate results to compare relative speeds of encrypted and unencrypted data coming from the host.

The latency of the VSAT Systems satellite link (www.vsat-systems.com) used in these tests ranged from approximately 550 ms to 625 ms. Some satellite connections (www.skycasters.com) have much higher latencies. Depending upon the satellite hardware and subscription policy of the service provider, latencies of 800 ms to as much as 2,000 ms have been observed.

The performance of any shared bandwidth system varies throughout the day. To minimize bandwidth effects on results, five iterations of each test ran at different times. To further reduce the influence of bandwidth fluctuations, the testing sequence progressed through all six files, once in each direction, rather than repeating the transfer of any one file. For example, the 500 K text file ran through the SLE tunnel, then the IPsec circuit, and finally in the clear. Next a 500 K binary file passed through each circuit, and so on. Each interleaved sequence of transfers repeated five times.

An efficient VPN solution must do more than simply transfer files proficiently. The time to establish a TCP/IP session can significantly impact how applications run over a high-latency connection. To gain an indication of the rate at which the connections could establish TCP/IP sessions, the test procedure transferred a directory file and a group of web pages back and forth.

The time required to establish a TCP/IP session can have a noticeable impact on the performance of some web-enabled applications.
Since each file included in a web page requires the browser to start a new HTTP connection to the server, a page with multiple graphics, framed text, or media in external files will experience a delay as multiple connections open and close. Similar issues occur in FTP connections as a client traverses the server’s file structure if that process involves multiple files.

To illustrate TCP/IP session initiation efficiency, the test protocol included two ancillary procedures. First, each server transferred a directory containing files of different sizes and composition back and forth across the connections using FTP. Second, the servers moved a series of web pages to and from the remote site using HTTP. Since both FTP and HTTP must establish a new connection for each file, this procedure provided a method to measure start/restart timing issues associated with VPN tunnels extended over satellite links. For convenience, the FTP and HTTP tests measured the total time required to transfer the respective data from one side to another, not the time to reestablish each individual connection.

Results

The 3DES Selective Layer Encryption technology proved consistently faster than IPsec encryption in all three categories: FTP file transfer, FTP directory transfer, and HTTP web page downloads. This is as expected because SLE leaves the TCP/IP headers in the clear, which allows the satellite operator to perform IP spoofing or TCP acceleration.

In half of the FTP file transfers, Selective Layer Encryption achieved higher data transfer rates than the unencrypted circuit. Data moved 20% slower over the IPsec connection than it did over the unencrypted channel when moving from host to remote and 38% slower going from the remote to the host. Both the graph on page 3 entitled FTP to Remote Site and the one labeled FTP from Remote Site present the mean values for five iterations of each file type.
Selective Layer Encryption also performed well in the TCP/IP intensive tests involving directories and web pages. When downloading the directory information to the remote site, SLE performed only 7% slower than the unencrypted connection compared with 25% for the slower IPsec protocol. In the opposite direction, the SLE connection completed the task only 3% slower than the unencrypted connection while the IPsec connection ran 14% slower.

In the web page test, SLE completed the task 0.5% faster than the unencrypted connection when moving data from the host to the remote site. Reversing direction reduced the SLE performance relative to the unencrypted channel: SLE took 6% longer. The IPsec connection pulled down the web pages 5% slower than the unencrypted connection going from host to remote and 66% slower when run from the remote site.

As mentioned earlier, satellite latency varies with equipment and service quality. Longer latencies, while affecting all the results, will have a more severe impact on the IPsec connection than either of the other two protocols in this test.

Conclusions

Any encryption technique over any connection imposes some performance loss. Performance also suffers as a function of increased latency. Some of the geo-synchronous satellite services available today, however, have sufficiently low latencies (550 to 625 ms) that even an IPsec VPN becomes practical. But as the results of these tests clearly indicate, IPsec encryption significantly reduces the performance of TCP/IP over a high latency connection.

The Encore VSR-30 with Selective Layer Encryption technology, combined with VSAT Systems high-end satellite equipment (www.vsat-systems.com), offers an efficient method to deliver fast, secure 3DES encryption when using a satellite link to traverse the public Internet.