Flexi-Tunes: An efficient architecture for adaptive and flexible VPN tunnels

Virtual Private Networks (VPNs) provide the security and isolation properties of private networks, but at lower costs made possible by using a shared infrastructure such as the Internet. VPNs use point-to-point tunnels to create a secure overlay network, with every tunnel being pre-configured to encrypt, compress, and/or authenticate traffic. Once the tunnels are created such properties are maintained throughout its lifetime and traffic streams from different application flowing through the tunnel are subjected to same treatment. This poses a heavy computational burden on the edge routers and may be unnecessary for many applications, which only require a subset of these functions (or variations thereof) to be applied to their streams. Current VPNs are unable to offer such differential and application specific treatment, which makes them inflexible. Moreover, performing unnecessary computations on every packet degrades network performance. In this paper, we propose and evaluate a flexible VPN architecture (called FlexiTunes) where within a single VPN tunnel, different VPN functions can be applied to different applications, thus offering differential and customized treatment. Flexi-Tunes empowers applications on end-hosts to either specify the kind of treatment they expect for their traffic streams or take active part in applying the tunneling functions themselves. This is realized by enhancing the VPN edge router architecture and introducing a new IP Option. Simulations of this enhanced model show that 90% of the bandwidth is used compared to only 20% bandwidth utilization in conventional VPNs. Similarly, end-to-end delay is improved by almost 60% over the conventional case.