I have a VPN connection between two offices in one country. I need to add another network to the VPN, but this...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
network is in another country and is two hop satellites away. Is it even advisable to connect this other network to my VPN and how fast and efficient will it be, considering that it's two hop satellites away from my service provider's satellite? In theory, any network that has Internet access should be able to use a VPN tunnel to reach your network's VPN gateway over the Internet. In practice, network connectivity impacts performance, and poor performance can make for bad user experience. In other words, even if something is technically feasible, it may not be that usable.
Satellite links are not necessarily slower than terrestrial links. In fact, traffic relayed through the public Internet can take so many hops through over-used routers and congested terrestrial links that a two-hop satellite link can deliver higher throughput. You need to look at actual numbers to determine whether this service can meet your needs for throughput and latency. Compare the metrics of your satellite service to your experience with cleartext relayed between your two VPN sites, paying particular attention to latency (propagation delay). If cleartext performance is unacceptable, then there's no point in worrying about VPN performance.
If cleartext performance is reasonable, consider performance for the kind of VPN you are using. Encrypted traffic can impact the satellite provider's ability to manage TCP performance to offset propagation delay. Providers often use techniques like spoofed acknowledgements to trick TCP into using the full capacity of the satellite link, even though latency is higher than on terrestrial links. Because network-layer VPNs like IPsec obscure TCP headers, providers can't play those tricks on IPsec traffic. Transport-layer VPNs (like SSL) don't suffer from this problem. You may want to ask your service provider if they offer VPN services -- for example, a hybrid VPN service that ties an IPsec tunnel over the Internet to a proprietary tunnel over the satellite hop. To learn more about this problem and two vendor solutions, read these papers: Your VPN solution over satellite and VPN over satellite.
Dig Deeper on Network Design
Related Q&A from Lisa Phifer
Need to send an email, check your flight's status or get ready for a presentation? You can do it all on your smartwatch, thanks to a slew of Apple ...continue reading
New and improved management features have made Android devices more suitable for enterprise use, and API and EMM tools can streamline the device ...continue reading
Whether you need a basic open source mobile device management tool for your company's Apple or Android devices, or something more customized, you ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.