Virtual Private Networks
Chris Rodgers
Department of Computer Science
University of Canterbury
Abstract
Virtual Private Networks (VPNs) are one of the most important developments in data communications in re-cent years, offering enterprises potentially dramatic cost savings and substantial freedom when implementing a secure Wide-Area Network (WAN). This paper examines the implications of VPN technology, which primarily involves using a shared backbone network to connect geographically dispersed sites, and requires a range of security technologies to provide confidentiality, integrity, authentication and non-repudiation to such a configuration. The various implementation and membership alternatives supported by VPNs, and their most important protocols and configuration options are also discussed. Finally, a practical investigation into the performance of a VPN environment when employing varying levels of security is documented.
This investigation was conducted on a simple two-site VPN testbed, with performance measured in terms of throughput and latency for file transfers with the file transfer protocol (FTP) and the hypertext transfer protocol (HTTP). This experiment was conducted for a variety of security levels, ranging from no security to strong cryptography applied to authenticated tunnels between firewalls. It was discovered that security mechanisms can have a large impact on performance, particularly in terms of latency. This indicates that it is important to consider the performance levels a proposed VPN will be required to produce, and what hardware will be required to provide this performance, before any investment or implementation takes place.
