PAGE CONTENTS
Objectives
In the project technical issues have been identified relating to the deployment of VPN solutions in a network based on a broadband satellite system. Appropriate solutions for these issues have been assessed and validated via functional tests as well as performance measurements and the results have been illustrated.
The key results of the project as well as conclusions and recommendations have been disseminated among standardization bodies and conferences relevant for the satellite industry.
The project had several key objectives. One of them has been the identification of the technical issues and drawbacks linked to the deployment of a VPN with an interactive broadband satellite system. The analysis of these issues and drawbacks had been performed based on various application scenarios and cases in order to provide an exhaustive review.
Another objective has been the identification, specification and validation of technical solutions that the satellite system industry, e.g. satellite terminal manufacturer, PEP manufacturer, satellite system integrator or satellite network operator, could implement to solve these technical issues and allow the seamless and optimized support of VPN by interactive broadband satellite systems. The validation also included the usage of suitable testbeds and simulators.
Finally a key objective of the project has been the dissemination of the project results and recommendations to the satellite community, by preparing a whitepaper, and disseminating within relevant conferences, forums and standardisation groups.
Challenges
Among others the following technical key issues have been addressed:
- Performance Enhancing Proxies (PEPs) do not get access to the encrypted protocol headers and data required for protocol enhancement.
- VPN technologies add overhead to packets and this may lead to packet fragmentation, additional load and delay.
- Delayed packets could fall outside the IPsec anti-replay window.
- Mobility could result in IP address changes of VPN peers having a negative impact on the VPN.
- Encrypted QoS classifiers make QoS enforcement difficult.
- NAT boxes cannot modify VPN protected packets.
Plan
The project has been organized in 5 tasks:
- Task 0: Project and Quality Management
- Task 1: Technical requirements identification: Identification of reference scenarios, their respective data security needs and technical issues caused by using VPN technologies
- Task 2: Detailed specification: Identification and assessment of technical solutions for solving the technical issues and design of architectures for respective reference scenarios
- Task 3: Proof of concept: Design and development of a testbed and performing validation tests for assessment of the technical solutions
- Task 4: Recommendations summary: Definition of guidelines and recommendations for deploying VPNs in satellite systems
Current Status
The project has been successfully completed.
A variety of scenarios relevant for the satellite industry have been identified, described, and analysed. Technical issues as well as potential solutions to address them have been identified, the solutions have been integrated in architectures for the respective reference scenarios.
Solutions and architectures have been assessed within two testbeds, their intended functionality has been successfully proven. Additionally performance measurements have been performed, focusing among others on throughput, overhead, delay and jitter aspects. A whitepaper with the key project results and recommendation has been written.
Furthermore the project results and recommendations have been disseminated within different conferences and standardization groups, part of this dissemination will be finished in 2012.