ABSTRACT
One of the key features of SSL VPN software is that it is inherently designed to transport payload data over either TCP or UDP tunnels. However, it is a common refrain to not use a TCP tunnel due to the overhead associated with the protocol and the well-known performance problem caused by the stacking of one layer of TCP on top of another. Even so, in some restrictive network environments where UDP tunnelling may not work, TCP is the only option. With the increasing availability of reliable, high-speed networks and the introduction of new TCP congestion control algorithms, there is an opportunity now to revisit this problem. One such new congestion control algorithm is Google's Bottleneck Bandwidth and Round-trip Propagation Time (BBR). The algorithm has been reported to be superior to older congestion control schemes in performance. In this study, we investigate the use of BBR for application in SSL VPN and evaluate its performance in comparison to the default Linux congestion control algorithm Cubic. Our findings showed that the use of BBR led to gains in VPN throughput for both TCP over UDP and TCP over TCP tunnelling. In the latter case, our study did not uncover the undesirable effects commonly associated with the stacking of TCP on top of TCP.
Index Terms
- SSL VPN over TCP and UDP Tunnels: Performance evaluation with different server-side congestion control