Network Management Strategies for the CIO
Requires Free Membership to View
In theory, any network that has Internet access should be able to use a VPN tunnel to reach your network's VPN gateway over the Internet. In practice, network connectivity impacts performance, and poor performance can make for bad user experience. In other words, even if something is technically feasible, it may not be that usable.Satellite links are not necessarily slower than terrestrial links. In fact, traffic relayed through the public Internet can take so many hops through over-used routers and congested terrestrial links that a two-hop satellite link can deliver higher throughput. You need to look at actual numbers to determine whether this service can meet your needs for throughput and latency. Compare the metrics of your satellite service to your experience with cleartext relayed between your two VPN sites, paying particular attention to latency (propagation delay). If cleartext performance is unacceptable, then there's no point in worrying about VPN performance.
If cleartext performance is reasonable, consider performance for the kind of VPN you are using. Encrypted traffic can impact the satellite provider's ability to manage TCP performance to offset propagation delay. Providers often use techniques like spoofed acknowledgements to trick TCP into using the full capacity of the satellite link, even though latency is higher than on terrestrial links. Because network-layer VPNs like IPsec obscure TCP headers, providers can't play those tricks on IPsec traffic. Transport-layer VPNs (like SSL) don't suffer from this problem. You may want to ask your service provider if they offer VPN services -- for example, a hybrid VPN service that ties an IPsec tunnel over the Internet to a proprietary tunnel over the satellite hop. To learn more about this problem and two vendor solutions, read these papers: Your VPN solution over satellite and VPN over satellite.
This was first published in August 2004
Join the conversationComment
Share
Comments
Results
Contribute to the conversation