Transparent VPN failure recovery with virtualization
Future Generation Computer Systems
| Hi-index | 0.00 |
Network Address Translation (NAT) is often used in routers that connect home and small-office networks to the Internet. Unfortunately, NAT may not interoperate well with many protocols, including IPsec, the security protocol suite often used by telecommuters. Many NAT implementations include heuristics commonly known as IPsec Pass-through, which may enable NAT to interoperate with IPsec under certain assumptions. We characterize IPsec Pass-through's operation and failure modes, and propose IPsec Pass-Through Automatic Client Recovery (IPTACR), a novel set of mechanisms that enable VPN clients to recover automatically from IPsec Pass-through failures. Experiments show that the proposed mechanisms are effective and impose negligible overhead.