comparing tcp performance of tunneled and non tunneled
play

Comparing TCP performance of tunneled and non-tunneled traffic - PowerPoint PPT Presentation

Oct 30, 2023 •545 likes •740 views

Comparing TCP performance of tunneled and non-tunneled traffic using OpenVPN Berry Hoekstra | Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef Outline Introduction Approach Research Results Conclusion

  1. Comparing TCP performance of tunneled and non-tunneled traffic using OpenVPN Berry Hoekstra | Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef

  2. Outline ● Introduction ● Approach ● Research ● Results ● Conclusion ● Questions?

  3. Introduction ● Virtual Private Networks ○ Secure connection over an insecure network ○ SSL, IPsec, PPTP and L2TP are the most popular VPN solutions ○ Packets are encapsulated into packets on a lower layer ● OpenVPN ○ SSLv3/TLSv1 based VPN solution ○ Able to saturate 100 Mbps ○ Performance issues with 1 Gbps ■ Not much documented research available ○ OpenSSL for encryption ○ TUN/TAP driver for tunneling

  4. Research Question ● "What are the causes of the network performance loss when using OpenVPN at Gigabit speed?" Sub-questions: ● What is the effect of using different encryption and authentication methods or parameters in OpenVPN? ● Is the same performance hit found on other OpenSSL- based tunnel solutions? ● Is the same performance hit found on other operating systems (e.g. FreeBSD)? ● What are the possibilities to mitigate slow OpenVPN network performance?

  5. Problem definition ● Unable to saturate 1 Gbps over a VPN tunnel ○ Even with no encryption and signing with default settings ● Suspected culprits: ○ Inefficient cryptographic functions ○ OS context switching ○ TUN/TAP driver overhead ○ Context switching

  6. OpenVPN packet flow

  7. Methodology (1) ● Perform throughput measurements using Iperf ○ Using a control script ○ On different infrastructures ○ Perform OpenSSL speed tests ● What are the effects in throughput when: ○ Using different parameters ○ Using a different OpenSSL version ○ On a different infrastructure ○ On a different operating system ● Compare against similar VPN solutions ○ Vtun ● Source code analysis ○ OpenVPN / OpenSSL functionality ○ TUN/TAP driver

  8. Lab setup ● Dell R210 ● Intel Xeon L3426 ○ 4/8 cores @ 1.87 GHz ● 8GB memory ● 2x Broadcom NIC Setup 1: Endpoint to endpoint Setup 2: Client to client

  9. Methodology (2) ● Ciphers ○ Blowfish-128-CBC (default) ○ AES-128-CBC ○ AES-256-CBC ● HMAC signing ○ SHA-1 vs. MD5 ● Increasing TUN MTU sizes ○ Increases the block size towards OpenSSL ○ Encryption is done more efficient ● OpenVPN fragmentation options ○ Disabled, fragmentation is done at kernel level ○ Increases throughput! (between endpoints)

  10. Results (1) Different ciphers: BF +150%, AES +30%-80%

  11. Results (2) HMAC disabled +10%-20% Fragmentation disabled + ~40%

  12. Results (3) Crypto impact on AES-256-CBC

  13. Results (4) CentOS vs. FreeBSD: +50%-60%!

  14. Results (5) OpenVPN vs. other OpenSSL solution: Vtun

  15. Conclusions (1) ● OpenSSL is not capable to encrypt at 1 Gbps ○ BF-128 ~500 , AES-128 ~800 , AES-256 ~700 Mbps ● OpenVPN results show inefficient handling ○ Even with the internal fragmentation disabled ○ BF-128 ~400 , AES-128 ~200 , AES-256 ~155 Mbps ● OpenVPN needs high TUN MTU values for most efficient handling ● TUN/TAP driver plays a role in causing more overhead ○ Context switching ○ Mitigated by running in kernel space like IPsec

  16. Conclusions (2) ● Tunnel performance can be optimized ○ Only on endpoint to endpoint setups ○ Hard to improve performance on routed setup ■ Clients deliver packets with a small MTU to endpoints ● Fragmentation options matters ○ Only for endpoint to endpoint setups ● FreeBSD shows a throughput increase of ~80% ○ Due to inefficient FIPS version of OpenSSL on CentOS ■ Fixed in OpenSSL 1.0.0 (default in Fedora) ○ Against CentOS, FreeBSD still outperforms with 50% to 60% ■ Using the same OpenSSL version

  17. Conclusions (3) "What are the causes of the network performance loss when using OpenVPN at Gigabit speed?" ● There is a relation between the OpenSSL version and OpenVPN throughput ● Encryption routines of OpenVPN are inefficient ● OpenVPN fragmentation options cause a lot of overhead ○ Calculation, reassemble, and sequence no. administration ● Different performance measured on different operating systems ● OpenVPN source code contains a lot of branching ○ if {..} else {..} if {..} else {..} if {..} else {..} if {..} else {..} ○ Performance hit on CPU

  18. Future work ● Hardware acceleration ○ AES-NI instruction set ○ Graphics cards ○ Cryptographic cards ● Kernel Mode Linux ○ Eliminate context switching ● TAP-Win32 driver ● Profiler ○ Low level Linux performance counters ○ Steap learning curve ● CPU affinity ○ No multi-socket hardware available ● 10 Gbps performance measurements ○ TCP Tuning is needed to get near-linespeed ○ Look into UDP offloading

  19. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing Network Traffic Tunneled Over Kernel managed TCP/UDP sockets Sowmini

Securing Network Traffic Tunneled Over Kernel managed TCP/UDP sockets Sowmini

Securing Network Traffic Tunneled Over Kernel managed TCP/UDP sockets Sowmini Varadhan(sowmini.varadhan@oracle.com) Agenda What problem are we trying to solve? Privacy, integrity protection, authentication of traffic that gets tunneled

628 views • 36 slides
Thank You for Joining Us! We Will Begin Shortly Tunneled Catheter Avoidance- Seven Simple

Thank You for Joining Us! We Will Begin Shortly Tunneled Catheter Avoidance- Seven Simple

Thank You for Joining Us! We Will Begin Shortly Tunneled Catheter Avoidance- Seven Simple Strategies Anil Agarwal, MD, FASN, FNKF, FACP Professor of Clinical Medicine Director, Interventional Nephrology Chief, Section of Nephrology at

471 views • 28 slides
What APT does Assumption PI (or equivalent) prefixes of edge sites are not routed globally

What APT does Assumption PI (or equivalent) prefixes of edge sites are not routed globally

What APT does Assumption PI (or equivalent) prefixes of edge sites are not routed globally APT: A Practical Transit Mapping Packets are tunneled from ITRs to ETRs APT Service Provide PI prefixes to ETRs mapping Adapt to

462 views • 9 slides
FPGA vs GPU Performance Comparison on the Implementation of FIR Filters FPGA. While comparing the

FPGA vs GPU Performance Comparison on the Implementation of FIR Filters FPGA. While comparing the

FPGA vs GPU Performance Comparison on the Implementation of FIR Filters FPGA. While comparing the performance of them, we Abstract choose different models for each platform to get fairer FIR filters find place in digital signal processing

569 views • 7 slides
An Exploration into Comparing WBCs and their Performance May 1, 2015 Prepared by students of

An Exploration into Comparing WBCs and their Performance May 1, 2015 Prepared by students of

An Exploration into Comparing WBCs and their Performance May 1, 2015 Prepared by students of Carnegie Mellons Heinz College of Public Policy: Roxanna Cisneros, Nichole Hoeflich, John Lira, Cory Misley, Yalan Qin & Natalie Sabadish E-1

610 views • 35 slides
Comparing the Performance of Abstract Syntax Notation One (ASN.1) vs. eXtensible Markup Language

Comparing the Performance of Abstract Syntax Notation One (ASN.1) vs. eXtensible Markup Language

Comparing the Performance of Abstract Syntax Notation One (ASN.1) vs. eXtensible Markup Language (XML) Presented By: Prof. D.W.Chadwick Other Author: D.Mundy Thanks to: ISSRG Information Systems Security Research Group Contact:

613 views • 20 slides
Housing Crisis Response System Performance Comparing 2015, 2016, 2017, and 2018 (11/1) HUD

Housing Crisis Response System Performance Comparing 2015, 2016, 2017, and 2018 (11/1) HUD

Housing Crisis Response System Performance Comparing 2015, 2016, 2017, and 2018 (11/1) HUD System Performance Measures 6 key performance measures that every Continuum of Care reports to HUD annually through the CoC funding competition

510 views • 15 slides
Comparing the Performance of Randomization Tests and Traditional Tests: A Simulation Study

Comparing the Performance of Randomization Tests and Traditional Tests: A Simulation Study

Comparing the Performance of Randomization Tests and Traditional Tests: A Simulation Study W.B.M.R.D. Wijesuriya 1 , C.H.Magalla 2 , D. Kasturiratna 3 1.2 Department of Statistics, University of Colombo, Sri Lanka 3 Department of Mathematics and

238 views • 4 slides
Comparing Simulated Safety Performance to Observed Crash Occurrence Flvio Cunto, Ph.D

Comparing Simulated Safety Performance to Observed Crash Occurrence Flvio Cunto, Ph.D

Comparing Simulated Safety Performance to Observed Crash Occurrence Flvio Cunto, Ph.D Universidade Federal do Cear Frank Saccomanno University of Waterloo Outline Outline Motivation Objectives Methodology Major results

425 views • 9 slides
COMPARING OPENACC AND OPENMP PERFORMANCE AND PROGRAMMABILITY JEFF LARKIN, NVIDIA GUIDO

COMPARING OPENACC AND OPENMP PERFORMANCE AND PROGRAMMABILITY JEFF LARKIN, NVIDIA GUIDO

COMPARING OPENACC AND OPENMP PERFORMANCE AND PROGRAMMABILITY JEFF LARKIN, NVIDIA GUIDO JUCKELAND, TECHNISCHE UNIVERSITT DRESDEN AGENDA OpenACC & OpenMP Overview Case Studies SPECaccel Lessons Learned Final Thoughts IMPORTANT This

430 views • 40 slides
Comparing Several Samples We are often interested in comparing measurements made under more than

Comparing Several Samples We are often interested in comparing measurements made under more than

ST 380 Probability and Statistics for the Physical Sciences Comparing Several Samples We are often interested in comparing measurements made under more than two different sets of conditions. Examples Strengths of concrete beams manufactured

436 views • 15 slides
Comparing Two Samples We are often interested in comparing measurements made under two different

Comparing Two Samples We are often interested in comparing measurements made under two different

ST 380 Probability and Statistics for the Physical Sciences Comparing Two Samples We are often interested in comparing measurements made under two different sets of conditions. Examples Water quality measurements below an effluent outfall,

384 views • 22 slides
Business Statistics CONTENTS Comparing two samples Comparing two unrelated samples Comparing

Business Statistics CONTENTS Comparing two samples Comparing two unrelated samples Comparing

TWO S OR MEDIANS: COMPARISONS Business Statistics CONTENTS Comparing two samples Comparing two unrelated samples Comparing the means of two unrelated samples Comparing the medians of two unrelated samples Old exam question Further study

397 views • 38 slides
Empirically Comparing the Finite-Time Performance of Simulation-Optimization Algorithms Anna Dong,

Empirically Comparing the Finite-Time Performance of Simulation-Optimization Algorithms Anna Dong,

Empirically Comparing the Finite-Time Performance of Simulation-Optimization Algorithms Anna Dong, David Eckman , Xueqi Zhao, Shane Henderson Cornell University Matthias Poloczek University of Arizona Winter Simulation Conference December 5,

818 views • 26 slides
Business Statistics CONTENTS Comparing two s Comparing more than two s Analysis of

Business Statistics CONTENTS Comparing two s Comparing more than two s Analysis of

SEVERAL S: COMPARISON Business Statistics CONTENTS Comparing two s Comparing more than two s Analysis of variance Testing significance of ANOVA Performing ANOVA The statistical model Equal variances Old exam question Further

532 views • 30 slides
Climate: What Is It Anyway Comparing Weather and Climate Climate Regions and Biomes Comparing

Climate: What Is It Anyway Comparing Weather and Climate Climate Regions and Biomes Comparing

Climate: What Is It Anyway Comparing Weather and Climate Climate Regions and Biomes Comparing Weather and Climate Directions 1. Watch the National Geographic Video Weather and Climate 2. In your lab book, construct a Venn Diagram comparing

50 views • 3 slides
Presentation of Various B2B Business Models Case Studies Philippe Deschnes, Mediagrif

Presentation of Various B2B Business Models Case Studies Philippe Deschnes, Mediagrif

Presentation of Various B2B Business Models Case Studies Philippe Deschnes, Mediagrif Interactive Technologies they wish so. This is a typical many-to-many network in the electronic components industry. Abstract Over the years, the

281 views • 11 slides
TGIF Notes Skill Building May 9, 2018 A Partnership for Breastfeeding Success Halle Heart

TGIF Notes Skill Building May 9, 2018 A Partnership for Breastfeeding Success Halle Heart

TGIF Notes Skill Building May 9, 2018 A Partnership for Breastfeeding Success Halle Heart Museum Amanda Shumway | IBCLC Recap T: Tool G: Goal I: Information F: Follow Up T: Tool Getting to the Heart of the Matter Tool used, if

287 views • 24 slides
TDS Reduction from Valley Fills Terry Potter, P.E. Engineering Manager 2013 West Virginia Mine

TDS Reduction from Valley Fills Terry Potter, P.E. Engineering Manager 2013 West Virginia Mine

Coal-Mac, Inc. TDS Reduction from Valley Fills Terry Potter, P.E. Engineering Manager 2013 West Virginia Mine Drainage Task Force Symposium March 26 - 27, 2013 Coal Mac, Inc. Subsidiary of Arch Coal, Inc. Employees - 306 Annual

478 views • 24 slides
Power Plant and Transmission System Protection Coordination GSU Phase Overcurrent (51T), GSU

Power Plant and Transmission System Protection Coordination GSU Phase Overcurrent (51T), GSU

Power Plant and Transmission System Protection Coordination GSU Phase Overcurrent (51T), GSU Ground Overcurrent (51TG), and Breaker Failure (50BF) Protection NERC Protection Coordination Webinar Series June 9, 2010 Phil Tatro Jon Gardell

819 views • 45 slides
Update on the ULCOS program Jean-Pierre Birat, ArcelorMittal, European Coordinator of the ULCOS

Update on the ULCOS program Jean-Pierre Birat, ArcelorMittal, European Coordinator of the ULCOS

Ultra Low CO 2 Steelmaking www.ulcos.org Update on the ULCOS program Jean-Pierre Birat, ArcelorMittal, European Coordinator of the ULCOS program "How will employment and labor markets develop in the context of a transition towards a

717 views • 30 slides
High-speed dispersing between two deinking loops: are there optimisation possibilities?

High-speed dispersing between two deinking loops: are there optimisation possibilities?

High-speed dispersing between two deinking loops: are there optimisation possibilities? Benjamin FABRY and Bruno CARRE Niagara Falls, September 2007 Guideline Introduction Theoretical aspects High-speed dispersing between two

464 views • 44 slides
Benefits Enrollment Platform Full-Time Employes Open Enrollment 2020 Previous Enrollment

Benefits Enrollment Platform Full-Time Employes Open Enrollment 2020 Previous Enrollment

Benefits Enrollment Platform Full-Time Employes Open Enrollment 2020 Previous Enrollment REGENCE FOR MEDICAL EMI HEALTH FOR VISION NBS FOR FLEXIBLE MINNESOTA LIFE FOR LIFE AND DENTAL SPENDING AND HEALTH INSURANCE AND PAPER SAVINGS FORM

1.04k views • 72 slides
Empirical Method Based Aggregate Loss Distributions C. K. Stan Khury 2012 INTRODUCTION

Empirical Method Based Aggregate Loss Distributions C. K. Stan Khury 2012 INTRODUCTION

Empirical Method Based Aggregate Loss Distributions C. K. Stan Khury 2012 INTRODUCTION Aggregate Loss Distributions: Formulaic or Empirical ** Formulaic Distributions: Select Form and Estimate Parameters ** Empirical Distributions:

300 views • 15 slides

More recommend