Abstract
An Asymmetric SSL Tunnel (AST) based Virtual Private Network is presented as a cheap solution for large-scale SSL VPNs. In this solution, a portion of the SSL/TLS computational load is transferred to disengaged internal application servers, so that the VPN server is no longer the bottleneck of the VPN system. This paper analyzes the performance advantage of the asymmetric SSL tunnel over the traditional SSL tunnel, and discusses the secret management scheme for AST, which can meet enhanced security requirements and synchronize the cipher specs of multiple points. Finally, a kernel optimization algorithm is introduced. AST is implemented in OpenVPN, which is originally a stable traditional SSL VPN solution. Experiments show that the overall throughput of OpenVPN can be greatly improved after AST is adopted.
This work was supported by NSFC (No. 60373088).
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhou, J., Xia, H., Yu, J., Wang, X. (2006). Asymmetrical SSL Tunnel Based VPN. In: Guo, M., Yang, L.T., Di Martino, B., Zima, H.P., Dongarra, J., Tang, F. (eds) Parallel and Distributed Processing and Applications. ISPA 2006. Lecture Notes in Computer Science, vol 4330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11946441_15
DOI: https://doi.org/10.1007/11946441_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68067-3
Online ISBN: 978-3-540-68070-3
eBook Packages: Computer Science, Computer Science (R0)