Abstract
Virtual private networking (VPN) has become an increasingly important component of a collaboration environment because it ensures private, authenticated communication among participants, using existing collaboration tools, where users are distributed across multiple institutions and can be mobile. The majority of current VPN solutions are based on a centralized VPN model, where all IP traffic is tunneled through a VPN gateway. Nonetheless, there are several use case scenarios that require a model where end-to-end VPN links are tunneled upon existing Internet infrastructure in a peer-to-peer (P2P) fashion, removing the bottleneck of a centralized VPN gateway. We propose a novel virtual network, TinCan, based on peer-to-peer private network tunnels. It reuses existing standards and implementations of services for discovery notification (XMPP), reflection (STUN) and relaying (TURN), facilitating configuration. In this approach, trust relationships maintained by centralized (or federated) services are automatically mapped to TinCan links. In one use scenario, TinCan allows unstructured P2P overlays connecting trusted end-user devices, while only requiring VPN software on user devices and leveraging online social network (OSN) infrastructure already widely deployed. This paper describes the architecture and design of TinCan and presents an experimental evaluation of a prototype supporting Windows, Linux, and Android mobile devices. Results quantify the overhead introduced by the network virtualization layer, and the resource requirements imposed on services needed to bootstrap TinCan links.
Highlights
Virtual private networking (VPN) has become an increasingly important component of a collaboration environment because it ensures private, authenticated communication among participants, using existing collaboration tools, where users are distributed across multiple institutions and can be mobile
The majority of VPN solutions are based on a centralized VPN model, where all IP traffic is tunneled through a VPN gateway
A P2PVPN enhances this model because it ensures that only endpoints are able to encrypt/decrypt the IP traffic, removing the reliance on a VPN gateway to handle that task
Summary
Virtual private networking (VPN) has become an increasingly important component of a collaboration environment because it ensures private, authenticated communication among participants, using existing collaboration tools, where users are distributed across multiple institutions and can be mobile. The results show a latency of less than 1 ms and a TCP bandwidth of 64 Mbps; since our target is to create virtual networks across the Internet, for most applications, the bottleneck will be the bandwidth limit imposed by their local ISPs. The main contribution of this paper is a novel VPN design that leverages XMPP servers to bootstrap end-to-end VPN tunnels, supports a decoupled controller/datapath model and P2P communication among controllers to implement different VPN membership, address mapping and overlay topology/routing policies, and leverages existing P2P technologies (STUN, TURN, and ICE) for establishing direct and secure P2P tunnels for IP connectivity.
More From: EAI Endorsed Transactions on Collaborative Computing