Transparent VPN failure recovery with virtualization

Authors:
Yohei Matsuhashi;Takahiro Shinagawa;Yoshiaki Ishii;Nobuyuki Hirooka;Kazuhiko Kato
Affiliations:
Department of Computer Science, University of Tsukuba, 1-1-1 Tennodai, Tsukuba, Ibaraki 305-8573, Japan;Department of Computer Science, University of Tsukuba, 1-1-1 Tennodai, Tsukuba, Ibaraki 305-8573, Japan;Fujisoft Incorporated, 1-1 Sakuragi, Naka, Yokohama, Kanagawa 231-8008, Japan;Fujisoft Incorporated, 1-1 Sakuragi, Naka, Yokohama, Kanagawa 231-8008, Japan;Department of Computer Science, University of Tsukuba, 1-1-1 Tennodai, Tsukuba, Ibaraki 305-8573, Japan
Venue:
Future Generation Computer Systems
Year:
2012

Citing 12
Cited 0

Congestion avoidance and control

SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
On estimating end-to-end network path properties

SIGCOMM LA '01 Workshop on Data communication in Latin America and the Caribbean
Chord: A scalable peer-to-peer lookup service for internet applications

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Resilient overlay networks

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Fault-tolerant routing in peer-to-peer systems

Proceedings of the twenty-first annual symposium on Principles of distributed computing
Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems

Middleware '01 Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg
Experimental Study of Internet Stability and Backbone Failures

FTCS '99 Proceedings of the Twenty-Ninth Annual International Symposium on Fault-Tolerant Computing
Fault-Tolerant Virtual Private Networks within An Autonomous System

SRDS '02 Proceedings of the 21st IEEE Symposium on Reliable Distributed Systems
Automatic VPN Client Recovery from IPsec Pass-through Failures

LCN '05 Proceedings of the The IEEE Conference on Local Computer Networks 30th Anniversary
Why do internet services fail, and what can be done about it?

USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
BitVisor: a thin hypervisor for enforcing i/o device security

Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
The case for enterprise-ready virtual private clouds

HotCloud'09 Proceedings of the 2009 conference on Hot topics in cloud computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Cloud computing is widely used to provide today's Internet services. Since its service scope is being extended to a wide range of business applications, the security of network communications between clients and clouds are becoming important. Several cloud vendors support virtual private networks (VPNs) for connecting their clouds. Unfortunately, cloud services become unavailable when a VPN failure occurred in a VPN gateway or networks. We propose a transparent VPN failure recovery scheme that can hide VPN failures from users and operating systems (OSs). This scheme transparently recovers from VPN failures by establishing VPN connections in a virtualization layer. When a VPN failure occurs, a client virtual machine monitor (VMM) automatically reconnects to an available VPN gateway which is geographically distributed and connected via leased lines in clouds. IP address changes are hidden from client OSs and servers via a packet relay system implemented by a relay client in the client VMM and a relay server. We implemented a prototype system based on BitVisor, a small client VMM supporting IPsec VPN, and evaluated the prototype system in a wide-area distributed Internet environment in Japan. Experimental results show that our scheme can maintain TCP connections on VPN failures, and performance overhead with the virtualization layer is around 0.6 ms to latency and 8%-30% to throughput.