Multipath transport for virtual private networks
Abstract
An important class of virtual private networks (VPNs) builds secure tunnels at the transport layer leveraging TCP or UDP. Multipath TCP (MPTCP), an ongoing IETF effort that has been adopted into Linux and iOS, extends TCP to allow data to be delivered over multiple network interfaces and paths simultaneously. In this paper, using a testbed that can emulate a range of path characteristics between the VPN end points, we first empirically quantify the potential of using MPTCP tunnels to increase the goodput of VPN communications when multiple data paths are available. We further design and implement a preliminary version of Multipath UDP (MPUDP) to address the adverse effect of the duplicated congestion control actions that are known to occur with a TCP-in-TCP tunnel. We observe that a severe asymmetry of path delays may cause an excessive amount of packet reordering at the receiving end and consequently degrade the overall performance of TCP-in-MPUDP tunnels. Moreover, we find that a packet scheduler capable of tracking path delays and allocating more packets to path(s) with shorter delay(s) is an effective and relatively lightweight solution for MPUDP, instead of an elaborate data sequencing mechanism like the one used by MPTCP.
Description
The article of record as published may be found at http://www.usenix.org/node/205862
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.