Asymmetrical SSL Tunnel Based VPN
An Asymmetric SSL Tunnel (AST) based Virtual Private Network is presented as a cheap solution for large-scale SSL VPNs. In this solution, a portion of the SSL/TLS computational load is transferred to disengaged internal application servers, so that the VPN server is no longer the bottleneck of the VPN system. This paper analyzes the performance advantage of the asymmetric SSL tunnel over the traditional SSL tunnel, and discusses the secret management scheme for AST, which can meet enhanced security requirements and synchronize cipher specs across multiple points. Finally, a kernel optimization algorithm is introduced. AST is implemented in OpenVPN, which is originally a stable traditional SSL VPN solution. Experimental results show that the overall throughput of OpenVPN can be greatly improved after AST is adopted.
Keywords: Application Server, Response Packet, Internal Server, Outgoing Packet, Virtual Network Interface