a performance analysis of gateway- to-gateway and end-to-gateway l2tp vpn author: rukhsana rahim...
Post on 21-Dec-2015
231 views
TRANSCRIPT
![Page 1: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/1.jpg)
A Performance Analysis of Gateway-to-Gateway and End-to-Gateway
L2TP VPN
Author:
Rukhsana Rahim Butt
![Page 2: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/2.jpg)
Dec, 2006 COMSATS Institue of Information Technology
2
Abstract
• L2TP Communication Modes behave differently on real and non-real applications.
• Detailed analysis for administrator is needed prior to VPN Mode deployment.
• This study can be beneficial for – Financial growth.– Saving bandwidth.– Client satisfaction.
![Page 3: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/3.jpg)
Dec, 2006 COMSATS Institue of Information Technology
3
Paper Overview
• Paper Goal– Provide basic understanding of communication
Modes , current development and missing aspects/loopholes.
– Effect of these technologies’ on various applications.– How these technologies fit together to provide
today’s VPN solutions.
• Approach– Simulation of L2TP Tunnel and measurement of
capacity using OPNET
![Page 4: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/4.jpg)
Dec, 2006 COMSATS Institue of Information Technology
4
What and Why?
VPNs
Provider Provisioned
VPNs
Customer Provisioned
VPNs
Site-to-SiteRemote Access
Remote Access
Site-to-Site
Compulsory Tunnel
Voluntary Tunnel
L2F PPTP L2TPv2/v3 PPTPL2TPv2/v3 IPSec SSL/TLS
![Page 5: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/5.jpg)
Dec, 2006 COMSATS Institue of Information Technology
5
How L2TP/IPSec Secure WLAN?
• Strong encryption, integrity, user authentication, replay protection, tunnel address assignment, multi-protocol and multi-vendor interoperability.
• Mitigate attacks like – Wireless Packet Sniffer– Unauthorized Access– Network Topology Discovery– Password Attack
![Page 6: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/6.jpg)
Dec, 2006 COMSATS Institue of Information Technology
6
L2TP Communication Modes
• Gateway-to-Gateway Mode– Compulsory Tunnel
• End-to-Gateway Mode– Voluntary Tunnel
H o st
S u b scr ib er
N A S
L A C L N S
G a tew a y C o rp o ra te N etw ork
In tern et C lou d
L 2 T P Tu n n e l
P P P S essio n
H o st
S u b scr ib er
N A S G a tew a y C o rp o ra te N etw o rk
In tern et C lo u d
L 2 T P Tu n n e l
P P P S essio nw ith
IP S ec Tu n n e lo r
L A C o n h o stL N S o n g a tew a y
![Page 7: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/7.jpg)
Dec, 2006 COMSATS Institue of Information Technology
7
L A N R eso u rces
C lien t
C lien t
M o b ile C lien t
E th ern et
V P N S erv er
V P N S erv er /R o u ter
C o m p u lso ry Tu n n el
Vo lu n ta ry Tu n n e l
In tern et
Voluntary Tunnel Vs Compulsory Tunnel
![Page 8: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/8.jpg)
Dec, 2006 COMSATS Institue of Information Technology
8
Current Information
• General Tunnel Setup guideline
• Security breaches against Tunnels
• General Communication Mode Information
![Page 9: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/9.jpg)
Dec, 2006 COMSATS Institue of Information Technology
9
What is Missing?
• Communication Modes’ Behavior vs. Applications– Analysis– Comparison– Suited Communication Mode against
Applications (real & non-real)
![Page 10: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/10.jpg)
Dec, 2006 COMSATS Institue of Information Technology
10
Voice Received Traffic of Voluntary and Compulsory Tunnels (RFC 2764)
H o st
S u b scr ib er
N A S
L A C L N S
G a tew a y C o rp o ra te N etw o rk
In tern et C lo u d
L 2 T P Tu n n e l
P P P S essio n
H o st
S u b scr ib er
N A S G a tew a y C o rp o ra te N etw o rk
In tern et C lo u d
L 2 T P Tu n n e l
P P P S essio nw ith
IP S ec Tu n n e lo r
L A C o n h o stL N S o n g a tew a y
Voice Traffic Received Packets/Sec
0
50
100
150
200
250
300
350
400
0 180 360 540 720 900 1080 1260 1440 1620 1800
Time(Sec)
Pac
ket
CompulsoryTunnel
VoluntaryTunnel
![Page 11: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/11.jpg)
Dec, 2006 COMSATS Institue of Information Technology
11
H o st
S u b scr ib er
N A S
L A C L N S
G a tew a y C o rp o ra te N etw o rk
In tern et C lo u d
L 2 T P Tu n n e l
P P P S essio n
H o st
S u b scr ib er
N A S G a tew a y C o rp o ra te N etw o rk
In tern et C lo u d
L 2 T P Tu n n e l
P P P S essio nw ith
IP S ec Tu n n e lo r
L A C o n h o stL N S o n g a tew a y
Voice Traffic Received Packets/Sec
0
50
100
150
200
250
300
350
400
0 180 360 540 720 900 1080 1260 1440 1620 1800
Time(Sec)
Pac
ket
CompulsoryTunnel
VoluntaryTunnel
Voice Received Traffic of Voluntary and Compulsory Tunnels (RFC 2764)
![Page 12: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/12.jpg)
Dec, 2006 COMSATS Institue of Information Technology
12
Voice Throughput of Voluntary and Compulsory Tunnels (RFC 2764)
H o st
S u b scr ib er
N A S
L A C L N S
G a tew a y C o rp o ra te N etw o rk
In tern et C lo u d
L 2 T P Tu n n e l
P P P S essio n
H o st
S u b scr ib er
N A S G a tew a y C o rp o ra te N etw o rk
In tern et C lo u d
L 2 T P Tu n n e l
P P P S essio nw ith
IP S ec Tu n n e lo r
L A C o n h o stL N S o n g a tew a y
Total Throghput on PPP link
0
100
200
300
400
500
600
700
800
900
0 126 252 378 504 630 756 882 1008 1134 1260 1386 1512 1638 1764
Time(Sec)
Pac
ket
Compulsory Tunnel Voluntary Tunnel
Total Throughput on Tunnel Link
0
100
200
300
400
500
600
700
0 126 252 378 504 630 756 882 1008 1134 1260 1386 1512 1638 1764
Time(Sec)
Pac
ket
Compulsory Tunnel Voluntary Tunnel
![Page 13: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/13.jpg)
Dec, 2006 COMSATS Institue of Information Technology
13
Requirements for Performance Analysis
High End-to-End Delay
Less Receiving Traffic Retrieved
Overall throughput decline on PPP and Tunnel links
![Page 14: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/14.jpg)
Dec, 2006 COMSATS Institue of Information Technology
14
Why Gateway-to-Gateway communication mode not suited for Voice Application?
• Communication Mode is time-takenHigh End-to-End Delay
Less Receiving Traffic
• Tunnel SharingLess throughput on PPP Link
Less throughput on Tunnel Link
![Page 15: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/15.jpg)
Dec, 2006 COMSATS Institue of Information Technology
15
Conclusion
The End-to-Gateway communication mode/ the Voluntary Tunnel of L2TP exposes
better response in case of real applications.
![Page 16: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/16.jpg)
Dec, 2006 COMSATS Institue of Information Technology
16
Future Work
Quantitative Analysis of Wireless LAN Security and Performance via VPN
Technology L2TP/IPSec
![Page 17: A Performance Analysis of Gateway- to-Gateway and End-to-Gateway L2TP VPN Author: Rukhsana Rahim Butt](https://reader036.vdocument.in/reader036/viewer/2022062407/56649d635503460f94a467cf/html5/thumbnails/17.jpg)
Thanks
Any Question ?