Scalability implications for Open-Source Linux Based Virtual Private networks

Virtual Private Networks (VPNs) provide leased-line like connectivity to private networks using a public infrastructure like the Internet. A number of commercial VPN products can now be purchased, but the freely available OpenSource Linux based VPN solutions (OSLVs) seem to be gaining immense popularity. This is mainly due to their open-source licensing, which gives complete access to the source-code allowing developers to customize and optimize it at will. Some fundamental problems facing current OSLV deployment, however, are poor scalability (varying as O(N2)) and poor network performance (<50% bandwidth utilization and increased end-to-end delay). The scalability problem can be traced to maintaining the point-to-point VPN tunnels and the network performance problem can be traced to the static way in which these tunnels apply different VPN functions like encryption, compression and authentication to all packets passing through it. In this paper, we propose a novel packetswitched tunneling architecture (called Flexi-Tunes) that provides a scalable and flexible implementation for VPN tunnels. Simulation results with Flexi-Tune enhanced VPNs reveals a drastic improvement in network-performance (90% of the bandwidth is used compared to only 35% bandwidth utilization in conventional VPNs and end-to-end delay is improved by almost 60% over the conventional case). Further an analysis of this architecture reveals the scalability is also reduced to O(N). Moreover, Flexi-Tunes also solves several difficult problems like increased reliability, load balancing, site sharing and access control that mar conventional VPN deployment. KeywordsVPN, performance evaluation