A Performance Analysis of Gateway-to-Gateway and End-to-Gateway L2TP VPN

Author: Rukhsana Rahim Butt

Dec, 2006, COMSATS Institute of Information Technology

Abstract

• L2TP Communication Modes behave differently on real and non-real applications.

• A detailed analysis by the administrator is needed prior to VPN Mode deployment.

• This study can be beneficial for
  – Financial growth.
  – Saving bandwidth.
  – Client satisfaction.

Paper Overview

• Paper Goal
  – Provide basic understanding of communication modes, current development and missing aspects/loopholes.
  – Effect of these technologies on various applications.
  – How these technologies fit together to provide today’s VPN solutions.

• Approach
  – Simulation of L2TP Tunnel and measurement of capacity using OPNET

What and Why?

[Figure: VPN taxonomy tree. Labels: VPNs; Provider Provisioned VPNs; Customer Provisioned VPNs; Site-to-Site; Remote Access; Compulsory Tunnel; Voluntary Tunnel; protocols L2F, PPTP, L2TPv2/v3, IPSec, SSL/TLS.]

How Does L2TP/IPSec Secure a WLAN?

• Strong encryption, integrity, user authentication, replay protection, tunnel address assignment, multi-protocol and multi-vendor interoperability.

• Mitigates attacks like
  – Wireless Packet Sniffer
  – Unauthorized Access
  – Network Topology Discovery
  – Password Attack

L2TP Communication Modes

• Gateway-to-Gateway Mode
  – Compulsory Tunnel

• End-to-Gateway Mode
  – Voluntary Tunnel

[Figure: two topology diagrams. First (separate LAC and LNS nodes): Host/Subscriber, NAS, LAC, LNS, Gateway, Corporate Network, Internet Cloud, with the L2TP Tunnel and PPP Session marked. Second (LAC on host, LNS on gateway): Host/Subscriber, NAS, Gateway, Corporate Network, Internet Cloud, with the L2TP Tunnel, PPP Session and IPSec Tunnel marked.]

Voluntary Tunnel Vs Compulsory Tunnel

[Figure: network diagram. Labels: LAN Resources, Client, Mobile Client, Ethernet, VPN Server, VPN Server/Router, Internet, Compulsory Tunnel, Voluntary Tunnel.]

Current Information

• General Tunnel Setup guideline

• Security breaches against Tunnels

• General Communication Mode Information

What is Missing?

• Communication Modes’ Behavior vs. Applications
  – Analysis
  – Comparison
  – Suited Communication Mode against Applications (real & non-real)

Voice Received Traffic of Voluntary and Compulsory Tunnels (RFC 2764)

[Figure: line chart "Voice Traffic Received Packets/Sec", shown with the two LAC/LNS topology diagrams. X-axis: Time (Sec), 0 to 1800. Y-axis: Packet, 0 to 400. Series: Compulsory Tunnel, Voluntary Tunnel.]

Voice Throughput of Voluntary and Compulsory Tunnels (RFC 2764)

[Figure: line chart "Total Throughput on PPP Link", shown with the two LAC/LNS topology diagrams. X-axis: Time (Sec), 0 to 1764. Y-axis: Packet, 0 to 900. Series: Compulsory Tunnel, Voluntary Tunnel.]

[Figure: line chart "Total Throughput on Tunnel Link". X-axis: Time (Sec), 0 to 1764. Y-axis: Packet, 0 to 700. Series: Compulsory Tunnel, Voluntary Tunnel.]

Requirements for Performance Analysis

High End-to-End Delay

Less Receiving Traffic Retrieved

Overall throughput decline on PPP and Tunnel links

Why Is the Gateway-to-Gateway Communication Mode Not Suited for Voice Application?

• Communication Mode is time-consuming
  – High End-to-End Delay
  – Less Receiving Traffic

• Tunnel Sharing
  – Less throughput on PPP Link
  – Less throughput on Tunnel Link

Conclusion

The End-to-Gateway communication mode (the Voluntary Tunnel of L2TP) shows better response in the case of real applications.

Future Work

Quantitative Analysis of Wireless LAN Security and Performance via VPN Technology L2TP/IPSec

Thanks

Any Questions?