Overlay and Virtual Private Networks Security Performances Analysis with Open Source Infrastructure Deployment
<p>Generic VPN/Overlay stacking technology.</p> "> Figure 2
<p>Site-to-site Overlay network scenario.</p> "> Figure 3
<p>Site-to-multi-site Overlay network scenario.</p> "> Figure 4
<p>Hub and spoke Overlay network scenario.</p> "> Figure 5
<p>Mesh Overlay network scenario.</p> "> Figure 6
<p>Generic VPN deploy topology.</p> "> Figure 7
<p>The trend of the average RTT for the considered connections.</p> "> Figure 8
<p>Clustered RTT distribution trend for the first six tunnels (one refers just to a clean IP connection) of <a href="#futureinternet-16-00283-f007" class="html-fig">Figure 7</a>.</p> "> Figure 9
<p>Clustered RTT distribution trend for the central group of tunnels illustrated in <a href="#futureinternet-16-00283-f007" class="html-fig">Figure 7</a>.</p> "> Figure 10
<p>Clustered RTT distribution trend for the central group of tunnels illustrated in <a href="#futureinternet-16-00283-f007" class="html-fig">Figure 7</a>.</p> "> Figure 11
<p>Clustered RTT distribution trend for the central group of tunnels illustrated in <a href="#futureinternet-16-00283-f007" class="html-fig">Figure 7</a>.</p> "> Figure 12
<p>Clustered RTT distribution trend for the central group of tunnels illustrated in <a href="#futureinternet-16-00283-f007" class="html-fig">Figure 7</a>.</p> "> Figure 13
<p>Clustered RTT distribution trend for the central group of tunnels illustrated in <a href="#futureinternet-16-00283-f007" class="html-fig">Figure 7</a>.</p> "> Figure 14
<p>The trend of maximum reachable bandwidth (Mbps) for each TCP connection with the underlying tunnel (MTU = 9000B).</p> "> Figure 15
<p>The trend of maximum reachable bandwidth (Mbps) for each UDP connection with the underlying tunnel (MTU = 9000B).</p> "> Figure 16
<p>The trend of Tinc average RTT for different MTU lengths.</p> "> Figure 17
<p>The trend of the average throughput (Mbps) for each TCP connection with only a VPN tunnel (MTU = 9000B).</p> "> Figure 18
<p>The trend of the average throughput (Mbps) for each UDP connection with only VPN tunnels (MTU = 9000B).</p> "> Figure 19
<p>The trend of maximum reachable bandwidth (Mbps) for each TCP connection with the underlying tunnel (MTU = 1500B).</p> "> Figure 20
<p>The trend of maximum reachable bandwidth (Mbps) for each UDP connection with the underlying tunnel (MTU = 1500B).</p> "> Figure 21
<p>The average reachable throughput (MBps) for each TCP connection with the underlying tunnel (MTU = 1500B).</p> "> Figure 22
<p>The average reachable throughput (MBps) for each UDP connection with the underlying tunnel (MTU = 1500B).</p> ">
Abstract
:1. Introduction
- Approach to Security: ONs implement security through end-to-end encryption of data. Each node encrypts the data before transmitting them over the public network. This ensures that the data remain secure even when transmitted over an untrusted network. VPNs, on the other hand, use tunneling to ensure data security. Data are encapsulated in encrypted packets as they traverse the public network. This creates a secure tunnel between devices communicating through the VPN.
- Architecture: ONs are built on top of existing networks, adding an abstraction layer. Nodes in the ON can be implemented on different hardware and software, allowing for greater flexibility. VPNs are typically implemented on existing Internet Protocol (IP) networks, both on the Internet and as part of private networks. They use specific protocols to establish secure connections between participating devices.
- Data Flow Management: ONs manage data flow in a distributed manner. Each node in the network is responsible for transmitting and receiving data, which may follow different paths based on the overlay network topology. VPNs manage data flow in a centralized way. Data are sent through the VPN tunnel between a client and a central VPN server, which handles routing and data security.
- Scalability: ONs can be more scalable than VPNs in some situations, as they can better adapt to changes in network topology and support a larger number of nodes without impacting performance. VPNs may have scalability limitations due to their need to manage centralized VPN tunnels and their dependence on a device’s capacity to handle encrypted traffic.
2. Related Works
3. Components of VPN/Overlay Architecture
- IPIP: The IPIP tunnel is a method of tunneling that allows IP packets to be transmitted within another IP packet. This type of tunnel is primarily used to connect two LANs via the Internet. Due to its minimal overhead, it is optimal for this application, although it only supports IPv4 unicast traffic and not multicast.
- VTI: The Virtual Tunnel Interface (VTI) on Linux facilitates IP encapsulations and is compatible with XFRMi. It establishes secure tunnels and enables kernel routing atop. VTI tunnels function similarly to IPIP or SIT tunnels, with the addition of fwmark (https://www.linux.org/docs/man8/tc-fw.html accessed on 23 June 2024) and IPsec encapsulation/decapsulation capabilities.
- GRE and GREtap: Generic Routing Encapsulation (GRE), RFC 2784, involves inserting a GRE header between the inner and outer IP headers. Unlike IPIP, which is limited to encapsulating IP, GRE theoretically supports encapsulating any Layer 3 protocol with a valid Ethernet type. GRE tunnels can transport multicast traffic and IPv6. While GRE operates at OSI Layer 3, GREtap works at Layer 2 (with an encapsulated Ethernet header).
- FOU: Tunneling operates across different layers of the networking stack, with IPIP or GRE working at the IP level and FOU (Foo Over UDP) functioning at the UDP level. The leverage of UDP tunneling offers several advantages, especially in existing hardware infrastructure, such as RSS in NICs, ECMP in switches, and checksum offload. Performance boosts have been evidenced for IPIP protocols through developer patch sets. Currently, the FOU tunnel accommodates encapsulation protocols such as IPIP and GRE, with an example FOU header provided. Configuring a FOU receive port for IPIP entails setting it to port 5555, while for GRE, setting ipproto (https://www.ee.torontomu.ca/~courses/ee8205/Data-Sheets/Tornado-VxWorks/vxworks/ref/ipProto.html accessed on 23 June 2024) 47 is required. Another command establishes a new IPIP virtual interface (FOU1) configured for FOU encapsulation, with the destination port set to 5555.
- GUE: Generic UDP Encapsulation (GUE) differs from FOU by including its encapsulation header with the protocol information and additional data, thus supporting inner IPIP and GRE encapsulation, and configuring a GUE receive port for IPIP on port 5555 involves setting up an IPIP tunnel for GUE encapsulation.
- GENEVE: Generic Network Virtualization Encapsulation (GENEVE) consolidates the functionalities of VXLAN, NVGRE, and STT, aiming to address their perceived limitations. Many researchers anticipate that GENEVE could ultimately supplant these earlier formats entirely. The GENEVE tunnel header closely resembles VXLAN, with the key distinction lying in its flexibility. The GENEVE header allows for easy integration of new features through extension with a new Type–Length–Value (TLV) field.
- VXLAN: VXLAN (Virtual eXtensible Local Area Network) is a tunneling protocol that overcomes the limitations of VLAN IDs (4096) by introducing a 24-bit VXLAN Network Identifier (VNI), enabling up to 16,777,216 virtual LANs as described in IETF RFC 7348. This protocol is widely used in data centers to interconnect virtualized hosts across multiple racks, encapsulating Layer 2 frames with a VXLAN header into UDP-IP packets.
- IP/MACVLAN: MACVLAN enables multiple MAC and IP addresses on a single physical interface through MACVLAN sub-interfaces. This is different from VLANs, where sub-interfaces share the same MAC address. Each MACVLAN sub-interface has a unique MAC and IP address directly integrated into the underlay network. Typically employed in virtualization, MACVLAN interfaces allow Containers or VMs to obtain DHCP addresses directly, easing integration into existing networks. MACVLAN offers four types, with the MACVLAN bridge being the most common, enabling local communication without external routing. External connectivity utilizes the underlay network, as illustrated by two Containers communicating via the MACVLAN bridge.
- MACsec: MACsec operates at Layer 2, ensuring transparent protection (integrity and/or encryption) within the network. Unlike IPsec, which can pose performance challenges, MACsec is designed to run at line rate, typically in a hardware’s ASIC, although it is not universally supported across hardware. The protected MACsec frame utilizes an Ethertype of 0x88e5. IPVLAN is akin to MACVLAN but with a key distinction: the endpoints share the same MAC address. Supporting both L2 and L3 modes, IPvlan offers flexibility in networking configurations. In L2 mode, each endpoint retains the same MAC address but receives a different IP address. Conversely, L3 mode facilitates packet routing between endpoints, enhancing scalability. While the Ethernet Header and SecTag are sent in plaintext, they are always integrity-protected by ICV. The default cryptographic algorithm is AES-GCM-128. Additionally, MACsec supports optional replay protection with a configurable replay window.
3.1. IPsec
3.2. TLS Based VPN
Feature | LibreSwan |
---|---|
Pre-shared key authentication | Yes |
Public-key authentication | Yes |
IKEv1 key exchange | Yes |
IKEv2 key exchange | Yes |
AH support | Yes |
NSS compatibility | Yes |
DnsSec/XAUTH | Yes |
Network Manager compatibility | Yes |
VIP (Virtual IP Pools) | Yes |
NAT Traversal | Yes |
MOBIKE | Yes |
Route-based VPN | Yes |
Policy-based VPN | Yes |
Native {Policy/Route}–based VPN | Yes |
HA (High Availability) | Yes |
Legacy cipher suites backwards compatibility | No |
3.3. The Noise Protocol Framework
3.4. Operative Systems Hardware Platforms and Linux Daemons
OpenWRT
4. Description of Possible Deployment for Overlay Topologies
5. Implemented Scenarios and Experimental Results
Listing 1. Bash script for a FOU interface. |
Listing 2. Bash script for a FOU interface iptables rule. |
Listing 3. Bash script for a FOU interface Nftables rule. |
- Installing necessary packages to support network tunnels, such as OpenVPN, IPSec, or using the scripts to deploy needed configurations.
- Configuring the specific tunnel configuration files, such as OpenVPN (‘*.conf‘) or LibreSwan (‘*.conf‘) configuration files.
- Enabling and starting the necessary services to manage the network tunnels.
- Configuring firewall rules, if necessary, to allow traffic through the network tunnels.
- Verifying the status of network tunnels to ensure they are active and functioning correctly.
5.1. Considered VPN/Overlay Deployed Topology
5.2. Throughput Performance Analysis
- An MTU that is too high or too low can cause packet fragmentation or inefficiency in packet transfer. A value of 1400 can improve performance.
- If compression is enabled, it can cause extra CPU load.
- Suboptimal TCP/IP parameters can affect performance.
- Using outdated versions of Tinc can lead to performance issues, and Tinc has not been updated since 2021.
- UDP low reachable bandwidth (as shown in Figure 15, where a bandwidth of 12.4 Mbps is never exceeded): running virtual machines and enabling tunneled connections slow UDP throughput due to extra virtualization overhead and networking configuration issues. Typically, for any UDP packet exceeding 1024 bytes, the Windows network stack delays sending the next packet until it receives a transmit completion interruption.
6. Conclusions and Future Works
- FOU (Foo Over UDP): efficient encapsulation of IP in UDP, reducing overhead.
- GUE (Generic UDP Encapsulation): offers flexibility for different protocols with minimal latency.
- GRE (Generic Routing Encapsulation) and GREtap: ensures robust tunneling of various network protocols and Ethernet frames, optimizing traffic flow.
- IPIP (IP-in-IP): simplifies tunneling with minimal processing overhead.
- GENEVE and VXLAN: provide scalable solutions for network virtualization, enhancing performance in overlay networks.
- MACsec: secures data link layer communications, maintaining high throughput with encryption.
- OpenVPN and WireGuard: deliver secure and efficient VPN solutions, with WireGuard specifically known for its minimal CPU usage and high performance.
- IPsec (VTI, XFRMi, Classic): ensures secure communications with optimized encryption and tunneling techniques.
- Tinc and Nebula: offer mesh networking solutions that scale efficiently while maintaining security.
- KVM (Kernel-based Virtual Machine): utilizes hardware virtualization extensions (Intel VT-x and AMD-V) to ensure near-native performance for VMs.
- CPU Pinning: allows binding of VMs to specific CPU cores, reducing context switching and optimizing performance.
- NUMA (Non-Uniform Memory Access) Awareness: Proxmox can optimize memory and CPU allocation across NUMA nodes, improving access times and overall VM performance.
- Resource Limits and Quotas: enable setting limits and quotas for CPU usage, ensuring fair distribution of resources and preventing any single VM from monopolizing CPU resources.
- Dynamic Resource Allocation: Proxmox dynamically adjusts resources based on current workload demands, optimizing CPU and memory usage.
- CPU Hotplug: allows adding CPUs to running VMs without downtime, providing flexibility and scalability.
- Integration with cgroups and namespaces: ensures fine-grained control over resource allocation and container isolation, optimizing CPU usage.
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Abbreviations
AES | Advanced Encryption Standard |
AH | Authentication Header |
EAP | Extensible Authentication Protocol |
ESP | Encapsulating Security Payload |
GDPR | General Data Protection Regulation |
HW | Hardware |
IETF | Internet Engineering Task Force |
IKE | Internet Key Exchange |
IoT | Internet of Things |
IPsec | IP Security |
ISAKMP | Internet Security Association and Key Management Protocol |
MQTT | Message Queue Telemetry Transport |
NAT | Network Address Translation |
OTP | On-Time Password |
PSK | Pre Shared Key |
PSTN | Public Switched Telephone Network |
RTT | Round Trip Time |
RW | Road Warriors |
SAD | Security Association Database |
SPD | Security Policy Database |
SSL | Secure Sockets Layer |
SW | Software |
TLS | Transport Layer Security |
UTP | Unshielded Twisted Pair |
VPN | Virtual Private Network |
References
- Khanvilkar, S.; Khokhar, A. Virtual private networks: An overview with performance evaluation. IEEE Commun. Mag. 2004, 42, 146–154. [Google Scholar] [CrossRef]
- Alshalan, A.; Pisharody, S.; Huang, D. A survey of mobile VPN technologies. IEEE Commun. Surv. Tutor. 2015, 18, 1177–1196. [Google Scholar] [CrossRef]
- Gentile, A.F.; Fazio, P.; Miceli, G. A Survey on the Implementation and Management of Secure Virtual Private Networks (VPNs) and Virtual LANs (VLANs) in Static and Mobile Scenarios. Telecom 2021, 2, 430–445. [Google Scholar] [CrossRef]
- Troia, S.; Mazzara, M.; Moreira Zorello, L.M.; Maier, G. Performance Evaluation of Overlay Networking for delay-sensitive services in SD-WAN. In Proceedings of the 2021 IEEE International Mediterranean Conference on Communications and Networking (MeditCom), Athens, Greece, 7–10 September 2021; pp. 150–155. [Google Scholar] [CrossRef]
- Farinacci, D. Generic Routing Encapsulation. RFC 2784. 2000. Available online: https://datatracker.ietf.org/doc/rfc2784/ (accessed on 23 June 2024).
- Lammle, T. Virtual Private Networks (VPNs). 2020, pp. 433–450. Available online: https://www.researchgate.net/publication/338788069_Virtual_Private_Networks_VPNs (accessed on 2 June 2024).
- Zhang, L.; Wang, Y.; Liang, S.; Jin, R. Container network architecture and performance analysis of Macvlan and IPvlan. In Proceedings of the 2022 International Conference on Education Innovation and Modern Management (EIMM 2022), Chengdu, China, 16–18 September 2022; Volume 166. [Google Scholar] [CrossRef]
- Mao, H.; Zhu, L.; Qin, H. A Comparative Research on SSL VPN and IPSec VPN. In Proceedings of the 2012 8th International Conference on Wireless Communications, Networking and Mobile Computing, Shanghai, China, 21–23 September 2012; pp. 1–4. [Google Scholar] [CrossRef]
- Thomson, M.; Turner, S. Using TLS to Secure QUIC; Internet-Draft draft-ietf-quic-tls-31, Work in Progress; Internet Engineering Task Force: Fremont, CA, USA, 2019. [Google Scholar]
- Wood, C.A.; Enghardt, R.; Pauly, T.; Perkins, C.; Rose, K. A Survey of Transport Security Protocols; Internet-Draft draft-ietf-taps-transport-security-05, Work in Progress; Internet Engineering Task Force: Fremont, CA, USA, 2019. [Google Scholar]
- Pereira, R.; Beaulieu, S. Extended Authentication within ISAKMP/Oakley (XAUTH); Internet-Draft draft-ietf-ipsec-isakmp-xauth-06, Work in Progress; Internet Engineering Task Force: Fremont, CA, USA, 1999. [Google Scholar]
- Smyslov, V.; Weis, B. Group Key Management Using IKEv2; Internet-Draft draft-ietf-ipsecme-g-ikev2-06, Work in Progress; Internet Engineering Task Force: Fremont, CA, USA, 2022. [Google Scholar]
- Cicirelli, F.; Gentile, A.F.; Greco, E.; Guerrieri, A.; Spezzano, G.; Vinci, A. An Energy Management System at the Edge based on Reinforcement Learning. In Proceedings of the 2020 IEEE/ACM 24th International Symposium on Distributed Simulation and Real Time Applications (DS-RT), Prague, Czech Republic, 14–16 September 2020; pp. 1–8. [Google Scholar] [CrossRef]
- Ezra, P.; Misra, S.; Agrawal, A.; Jonathan, O.; Maskeliunas, R.; Damaševičius, R. Secured Communication Using Virtual Private Network (VPN). In Cyber Security and Digital Forensics; UWE Bristol: Bristol, UK, 2022; pp. 309–319. [Google Scholar] [CrossRef]
- Mahmmod, K.F.; Azeez, M.M.; Ahmed, M.A. IPsec Cryptography for Data Packets Security within VPN Tunneling Networks Communications. In Proceedings of the 2020 International Conference on Electrical Engineering and Informatics (ICELTICs), Aceh, Indonesia, 27–28 October 2020; pp. 1–8. [Google Scholar] [CrossRef]
- Wouters, P. Deprecation of IKEv1 and Obsoleted Algorithms; Internet-Draft draft-ietf-ipsecme-ikev1-algo-to-historic-06, Work in Progress; Internet Engineering Task Force: Fremont, CA, USA, 2022. [Google Scholar]
- Aung, S.T.; Thein, T. Comparative Analysis of Site-to-Site Layer 2 Virtual Private Networks. In Proceedings of the 2020 IEEE Conference on Computer Applications(ICCA), Yangon, Myanmar, 27–28 February 2020; pp. 1–5. [Google Scholar] [CrossRef]
- Gont, F. Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks; RFC 7359; Internet Engineering Task Force: Fremont, CA, USA, 2014. [Google Scholar] [CrossRef]
- Sanchez, D.; García, M.A. A Simple SCCP Tunneling Protocol (SSTP); Internet-Draft draft-sanchez-garcia-SSTP-v1r0-00, Work in Progress; Internet Engineering Task Force: Fremont, CA, USA, 1999. [Google Scholar]
- Patel, D.B.V.; Aboba, D.B.D.; Dixon, W.; Zorn, G. Securing L2TP Using IPSEC; Internet-Draft draft-ietf-pppext-l2tp-security-05, Work in Progress; Internet Engineering Task Force: Fremont, CA, USA, 1999. [Google Scholar]
- Haga, S.; Esmaeily, A.; Kralevska, K.; Gligoroski, D. 5G Network Slice Isolation with WireGuard and Open Source MANO: A VPNaaS Proof-of-Concept. arXiv 2020. [Google Scholar] [CrossRef]
- Ajiya, A.; Idriss, U. Performance Evaluation of IPSEC-VPN on Debian Linux Environment General Terms. 2019. Available online: https://www.researchgate.net/publication/331802877_Performance_Evaluation_of_IPSEC-VPN_on_Debian_Linux_Environment_General_Terms (accessed on 23 June 2024).
- Gentile, A.F.; Macrì, D.; Rango, F.D.; Tropea, M.; Greco, E. A VPN Performances Analysis of Constrained Hardware Open Source Infrastructure Deploy in IoT Environment. Future Internet 2022, 14, 264. [Google Scholar] [CrossRef]
- Sun, S.H. The advantages and the implementation of SSL VPN. In Proceedings of the 2011 IEEE 2nd International Conference on Software Engineering and Service Science, Beijing, China, 15–17 July 2011; pp. 548–551. [Google Scholar] [CrossRef]
- Fei, C.; Kehe, W.; Wei, C.; Qianyuan, Z. The Research and Implementation of the VPN Gateway Based on SSL. In Proceedings of the 2013 International Conference on Computational and Information Sciences, Shiyang, China, 21–23 June 2013; pp. 1376–1379. [Google Scholar] [CrossRef]
- Libreswan. Available online: https://libreswan.org/ (accessed on 20 June 2022).
- Strongswan. Available online: https://www.strongswan.org/ (accessed on 20 June 2022).
- Openwrt. Available online: https://openwrt.org/ (accessed on 20 June 2022).
- Mazoni; Olivo, B.; Pan, A. Internet of Things: State-of-the-art, Computing Paradigms and Reference Architectures. IEEE Lat. Am. Trans. 2022, 20, 49–63. [Google Scholar] [CrossRef]
- Guus, S. Tinc VPN. 2024. Available online: http://www.tinc-vpn.org/git/browse?p=tinc;a=log;h=refs/heads/1.1 (accessed on 23 June 2024).
VPN SOFTWARE MANAGED | VPN DEPLOY | VPN IMPLEMENTERS | OPERATIVE SYSTEMS | PLATFORMS |
---|---|---|---|---|
IPsec LibreSwan 4.15 | Site to Site | IKEv2 PSK TUNNEL IKEv2 PSK TRANSPORT | Linux DEBIAN 12 WINDOWS 10/11 (client) DEBIAN 11/12 (client) ANDROID 11 (client) iOS 16 (client) MAC OS X 14 (client) RASPBERRY Pi 2/3/4 OpenWRT 23.x | armv7 x86 x86-64 ARM64 ARM MIPSBE MMIPS SMIPS PPC |
IPsec LibreSwan 4.15 | Site to Site | IKEv2 XFRMi/VTI ROUTE BASED | Same as above | Same as above |
OpenVPN 2.6.3 | Site to Site | Same as above | armv7 x86 x86-64 | |
Wireguard 1.0.2 | Site to Site | Same as above | armv7 x86 x86-64 ARM64 ARM MIPSBE MMIPS SMIPS PPC | |
Ocserv 1.1.6 | Site to Site | Same as above | armv7 x86 x86-64 | |
Tinc VPN 1.0.3.6 | Site to Site | Same as above | armv7 x86 x86-64 ARM64 ARM MIPSBE MMIPS SMIPS PPC | |
Nebula Overlay VPN 1.6.1 | Site to Site Host to Host | Same as above | armv7 x86 x86-64 ARM64 ARM MIPSBE MMIPS SMIPS PPC |
Hardware | Quantity |
---|---|
Workstation with 12th Gen Intel(R) Core(TM) i7-1280P (Santa Clara, CA, USA)—2.00 GHz, 32GB RAM | 1 |
VMWare VM Debian 12 x86-64 virtualized | 2 |
VMWare VM Alpine Linux Latest x86-64 virtualized | 1 |
VMWare VM OpenWRT 23.x x86-64 virtualized | 1 |
MTU TYPE | MTU SIZE (Bytes) |
---|---|
IP over SONET | 4470 |
Ethernet Jumbo Frames | 9000 |
IP over ATM Ethernet Jumbo Frames | 9180 |
Classic Ethernet | 1500 |
Tunneling Protocol | Header Type | Header Size (Bytes) | Max Header Size (Bytes) |
---|---|---|---|
IPIP | IP | 20 | 20 |
VTI | IP + VTI | 20 + 4 | 24 |
GRE | GRE | 4 + [0…34] | 38 |
GREtap | Ethernet Frame + GRE | 14 + 4 | 18 |
FOU | UDP + IP | 8 + 20 | 28 |
GUE | UDP + GRE | 8 + 4 + [0…34] | 46 |
GENEVE | UDP + IP + GENEVE | 8 + 20 + 10 | 38 |
VXLAN | UDP + IP + VXLAN | 8 + 20 + 8 + [0…16] | 52 |
MACVLAN | Ethernet Frame + MACVLAN | 14 + 4 | 18 |
MACsec | Ethernet Frame + MACsec | 14 + [8…30] | 44 |
VPN TYPE | TRANSPORT LAYER | Default MTU SIZE (Bytes) | Default MSS SIZE (Bytes) |
---|---|---|---|
OpenVPN | TCP/UDP | 1500 bytes | 1450 bytes |
WireGuard | UDP | 1500 bytes | 1450 bytes |
Tinc | UDP | 1500 bytes | 1450 bytes |
Nebula | UDP | 1300 bytes | 1260 bytes |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Gentile, A.F.; Macrì, D.; Greco, E.; Fazio, P. Overlay and Virtual Private Networks Security Performances Analysis with Open Source Infrastructure Deployment. Future Internet 2024, 16, 283. https://doi.org/10.3390/fi16080283
Gentile AF, Macrì D, Greco E, Fazio P. Overlay and Virtual Private Networks Security Performances Analysis with Open Source Infrastructure Deployment. Future Internet. 2024; 16(8):283. https://doi.org/10.3390/fi16080283
Chicago/Turabian StyleGentile, Antonio Francesco, Davide Macrì, Emilio Greco, and Peppino Fazio. 2024. "Overlay and Virtual Private Networks Security Performances Analysis with Open Source Infrastructure Deployment" Future Internet 16, no. 8: 283. https://doi.org/10.3390/fi16080283
APA StyleGentile, A. F., Macrì, D., Greco, E., & Fazio, P. (2024). Overlay and Virtual Private Networks Security Performances Analysis with Open Source Infrastructure Deployment. Future Internet, 16(8), 283. https://doi.org/10.3390/fi16080283