Elastic virtual private cloud

Daniel Palomares; Daniel Migault; H. Hendrik; Maryline Laurent; Guy Pujolle

doi:10.1145/2642687.2642704

Elastic virtual private cloud

Daniel Palomares, Daniel Migault, H. Hendrik, Maryline Laurent, Guy Pujolle

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Several Virtual Private Networks are based on IPsec. How-ever, IPsec has not been designed with elasticity in mind, which makes clusters of IPsec security gateways hard to manage for providing high Service Level Agreement (SLA). Thus, these SG clusters need management techniques to maintain their Quality of Service. For example, ISPs use VPNs to secure millions of communications when offloading End-Users from Radio Access Networks towards alternative access networks such as WLANs. Additionally, Virtual Private Cloud (VPC) providers also handle thousands of VPN connections when remote EUs access private clouds services. This paper describes how to provide Traffic Management (TM) and High Availability (HA) for VPN infrastructures by sharing or transferring an IPsec session. TM and HA have been implemented and evaluated over a 2-nodes cluster. We measured their impact on a real time audio streaming simulating a phone conversation. We found out that over a 2 minutes conversation, the impact on QoS measured with POLQA while applying TM or HA, is less than 3%.

Original language	English
Title of host publication	Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks
Publisher	Association for Computing Machinery
Pages	127-131
Number of pages	5
ISBN (Electronic)	9781450330275
DOIs	https://doi.org/10.1145/2642687.2642704
Publication status	Published - 21 Sept 2014
Externally published	Yes
Event	10th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Q2SWinet 2014 - Montreal, Canada Duration: 21 Sept 2014 → 22 Sept 2014

Publication series

Name	Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks

Conference

Conference	10th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Q2SWinet 2014
Country/Territory	Canada
City	Montreal
Period	21/09/14 → 22/09/14

Keywords

Context transfer
High availability
IKEv2
IPsec
POLQA
QoS
VPN management
Virtual private cloud

Access to Document

10.1145/2642687.2642704

Cite this

Palomares, D., Migault, D., Hendrik, H., Laurent, M., & Pujolle, G. (2014). Elastic virtual private cloud. In Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks (pp. 127-131). (Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks). Association for Computing Machinery. https://doi.org/10.1145/2642687.2642704

@inproceedings{463349c31d5645228c84113e67b309c6,

title = "Elastic virtual private cloud",

abstract = "Several Virtual Private Networks are based on IPsec. How-ever, IPsec has not been designed with elasticity in mind, which makes clusters of IPsec security gateways hard to manage for providing high Service Level Agreement (SLA). Thus, these SG clusters need management techniques to maintain their Quality of Service. For example, ISPs use VPNs to secure millions of communications when offloading End-Users from Radio Access Networks towards alternative access networks such as WLANs. Additionally, Virtual Private Cloud (VPC) providers also handle thousands of VPN connections when remote EUs access private clouds services. This paper describes how to provide Traffic Management (TM) and High Availability (HA) for VPN infrastructures by sharing or transferring an IPsec session. TM and HA have been implemented and evaluated over a 2-nodes cluster. We measured their impact on a real time audio streaming simulating a phone conversation. We found out that over a 2 minutes conversation, the impact on QoS measured with POLQA while applying TM or HA, is less than 3\%.",

keywords = "Context transfer, High availability, IKEv2, IPsec, POLQA, QoS, VPN management, Virtual private cloud",

author = "Daniel Palomares and Daniel Migault and H. Hendrik and Maryline Laurent and Guy Pujolle",

year = "2014",

month = sep,

day = "21",

doi = "10.1145/2642687.2642704",

language = "English",

series = "Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks",

publisher = "Association for Computing Machinery",

pages = "127--131",

booktitle = "Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks",

}

Palomares, D, Migault, D, Hendrik, H, Laurent, M & Pujolle, G 2014, Elastic virtual private cloud. in Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks. Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Association for Computing Machinery, pp. 127-131, 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Q2SWinet 2014, Montreal, Canada, 21/09/14. https://doi.org/10.1145/2642687.2642704

Elastic virtual private cloud. / Palomares, Daniel; Migault, Daniel; Hendrik, H. et al.
Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks. Association for Computing Machinery, 2014. p. 127-131 (Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Elastic virtual private cloud

AU - Palomares, Daniel

AU - Migault, Daniel

AU - Hendrik, H.

AU - Laurent, Maryline

AU - Pujolle, Guy

PY - 2014/9/21

Y1 - 2014/9/21

N2 - Several Virtual Private Networks are based on IPsec. How-ever, IPsec has not been designed with elasticity in mind, which makes clusters of IPsec security gateways hard to manage for providing high Service Level Agreement (SLA). Thus, these SG clusters need management techniques to maintain their Quality of Service. For example, ISPs use VPNs to secure millions of communications when offloading End-Users from Radio Access Networks towards alternative access networks such as WLANs. Additionally, Virtual Private Cloud (VPC) providers also handle thousands of VPN connections when remote EUs access private clouds services. This paper describes how to provide Traffic Management (TM) and High Availability (HA) for VPN infrastructures by sharing or transferring an IPsec session. TM and HA have been implemented and evaluated over a 2-nodes cluster. We measured their impact on a real time audio streaming simulating a phone conversation. We found out that over a 2 minutes conversation, the impact on QoS measured with POLQA while applying TM or HA, is less than 3%.

AB - Several Virtual Private Networks are based on IPsec. How-ever, IPsec has not been designed with elasticity in mind, which makes clusters of IPsec security gateways hard to manage for providing high Service Level Agreement (SLA). Thus, these SG clusters need management techniques to maintain their Quality of Service. For example, ISPs use VPNs to secure millions of communications when offloading End-Users from Radio Access Networks towards alternative access networks such as WLANs. Additionally, Virtual Private Cloud (VPC) providers also handle thousands of VPN connections when remote EUs access private clouds services. This paper describes how to provide Traffic Management (TM) and High Availability (HA) for VPN infrastructures by sharing or transferring an IPsec session. TM and HA have been implemented and evaluated over a 2-nodes cluster. We measured their impact on a real time audio streaming simulating a phone conversation. We found out that over a 2 minutes conversation, the impact on QoS measured with POLQA while applying TM or HA, is less than 3%.

KW - Context transfer

KW - High availability

KW - IKEv2

KW - IPsec

KW - POLQA

KW - QoS

KW - VPN management

KW - Virtual private cloud

U2 - 10.1145/2642687.2642704

DO - 10.1145/2642687.2642704

M3 - Conference contribution

AN - SCOPUS:84942304793

T3 - Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks

SP - 127

EP - 131

BT - Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks

PB - Association for Computing Machinery

T2 - 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Q2SWinet 2014

Y2 - 21 September 2014 through 22 September 2014

ER -

Palomares D, Migault D, Hendrik H, Laurent M, Pujolle G. Elastic virtual private cloud. In Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks. Association for Computing Machinery. 2014. p. 127-131. (Q2SWinet 2014 - Proceedings of the 10th ACM Symposium on QoS and Security for Wireless and Mobile Networks). doi: 10.1145/2642687.2642704

Elastic virtual private cloud

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this