Performance Analysis of VPN Gateways

Maximilian Pudelko, Paul Emmerich, Sebastian Gallenmüller, Georg Carle

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

20 Scopus citations

Abstract

VPNs play an important role in today's Internet architecture. We investigate different architectures for software implementations of VPN gateways and their effect on performance. Our case study compares OpenVPN, Linux IPsec, and WireGuard. We also implement a WireGuard-compatible VPN benchmarking example application with three different software architectures inspired by the evaluated open-source solutions. Our implementation allows benchmarking of individual effects and optimizations in isolation. We find that WireGuard is the most promising software VPN implementation from an architectural viewpoint. Our implementation of WireGuard's pipeline architecture on top of DPDK achieves 6.2Mpps and 40Gbit/s, the fastest of all evaluated VPN implementations. We find that the main bottleneck for scaling software VPNs are data structures and multi-core synchronization - a problem that can be tackled with an architecture based on pipelining and message passing.

Original languageEnglish
Title of host publicationIFIP Networking 2020 Conference and Workshops, Networking 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages325-333
Number of pages9
ISBN (Electronic)9783903176287
StatePublished - Jun 2020
Event2020 IFIP Networking Conference and Workshops, Networking 2020 - Paris, France
Duration: 22 Jun 202025 Jun 2020

Publication series

NameIFIP Networking 2020 Conference and Workshops, Networking 2020

Conference

Conference2020 IFIP Networking Conference and Workshops, Networking 2020
Country/TerritoryFrance
CityParis
Period22/06/2025/06/20

Keywords

  • IPsec
  • Linux
  • OpenVPN
  • VPN
  • Wireguard

Fingerprint

Dive into the research topics of 'Performance Analysis of VPN Gateways'. Together they form a unique fingerprint.

Cite this