Full‐mesh VPN performance evaluation for a secure edge‐cloud continuum

The recent introduction of full‐mesh virtual private network (VPN) solutions which offer near native performance, coupled with modern encryption algorithms and easy scalability as a result of a central control plane have a strong potential to enable the implementation of a seamless edge‐cloud contin...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Software, practice & experience practice & experience, 2024-08, Vol.54 (8), p.1543-1564
Hauptverfasser: Kjorveziroski, Vojdan, Bernad, Cristina, Gilly, Katja, Filiposka, Sonja
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1564
container_issue 8
container_start_page 1543
container_title Software, practice & experience
container_volume 54
creator Kjorveziroski, Vojdan
Bernad, Cristina
Gilly, Katja
Filiposka, Sonja
description The recent introduction of full‐mesh virtual private network (VPN) solutions which offer near native performance, coupled with modern encryption algorithms and easy scalability as a result of a central control plane have a strong potential to enable the implementation of a seamless edge‐cloud continuum. To test the performance of existing solutions in this domain, we present a framework consisted of both essential and optional features that full‐mesh VPN solutions need to support before they can be used for interconnecting geographically dispersed compute nodes. We then apply this framework on existing offerings and select three VPN solutions for further tests: Headscale, Netbird, and ZeroTier. We evaluate their features in the context of establishing an underlay network on top of which a Kubernetes overlay network can be created. We test pod‐to‐pod TCP and UDP throughput as well as Kubernetes application programming interface (API) response times, in multiple scenarios, accounting for adverse network conditions such as packet loss or packet delay. Based on the obtained measurement results and through analysis of the underlying strengths and weaknesses of the individual implementations, we draw conclusions on the preferred VPN solution depending on the use‐case at hand, striking a balance between usability and performance.
doi_str_mv 10.1002/spe.3329
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_3075906486</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3075906486</sourcerecordid><originalsourceid>FETCH-LOGICAL-c3279-9fedeeb616490fc1e22d1e8966e202cda177cb0f7fc87c921a50c3d3bd3a061b3</originalsourceid><addsrcrecordid>eNp1kMtKAzEUhoMoWKvgIwy4cTP1JJlmJkspbVWKFrzgLmQyZ3TK3EwapTsfwWf0SUytW1cHfr7_HM5HyCmFEQVgF67HEedM7pEBBZnGwJLnfTIA4FkMIkkOyZFzKwBKx0wMyM3M1_X351eD7jV6Wt5GPdqys41uDUb4rmuv11XXRiGLdOTQeBvy4gVDx9SdLyLTteuq9b45Jgelrh2e_M0heZxNHyZX8eJufj25XMSGs1TGssQCMRdUJBJKQ5GxgmImhUAGzBSapqnJoUxLk6VGMqrHYHjB84JrEDTnQ3K229vb7s2jW6tV520bTioO6ViGLzMRqPMdZWznnMVS9bZqtN0oCmprSgVTamsqoPEO_ahq3PzLqfvl9Jf_AVoQbBQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3075906486</pqid></control><display><type>article</type><title>Full‐mesh VPN performance evaluation for a secure edge‐cloud continuum</title><source>Access via Wiley Online Library</source><creator>Kjorveziroski, Vojdan ; Bernad, Cristina ; Gilly, Katja ; Filiposka, Sonja</creator><creatorcontrib>Kjorveziroski, Vojdan ; Bernad, Cristina ; Gilly, Katja ; Filiposka, Sonja</creatorcontrib><description>The recent introduction of full‐mesh virtual private network (VPN) solutions which offer near native performance, coupled with modern encryption algorithms and easy scalability as a result of a central control plane have a strong potential to enable the implementation of a seamless edge‐cloud continuum. To test the performance of existing solutions in this domain, we present a framework consisted of both essential and optional features that full‐mesh VPN solutions need to support before they can be used for interconnecting geographically dispersed compute nodes. We then apply this framework on existing offerings and select three VPN solutions for further tests: Headscale, Netbird, and ZeroTier. We evaluate their features in the context of establishing an underlay network on top of which a Kubernetes overlay network can be created. We test pod‐to‐pod TCP and UDP throughput as well as Kubernetes application programming interface (API) response times, in multiple scenarios, accounting for adverse network conditions such as packet loss or packet delay. Based on the obtained measurement results and through analysis of the underlying strengths and weaknesses of the individual implementations, we draw conclusions on the preferred VPN solution depending on the use‐case at hand, striking a balance between usability and performance.</description><identifier>ISSN: 0038-0644</identifier><identifier>EISSN: 1097-024X</identifier><identifier>DOI: 10.1002/spe.3329</identifier><language>eng</language><publisher>Bognor Regis: Wiley Subscription Services, Inc</publisher><subject>Algorithms ; Application programming interface ; edge‐cloud continuum ; Kubernetes ; orchestration ; Performance evaluation ; Virtual private networks ; Wireguard ; ZeroTier</subject><ispartof>Software, practice &amp; experience, 2024-08, Vol.54 (8), p.1543-1564</ispartof><rights>2024 The Authors. published by John Wiley &amp; Sons Ltd.</rights><rights>2024. This article is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c3279-9fedeeb616490fc1e22d1e8966e202cda177cb0f7fc87c921a50c3d3bd3a061b3</citedby><cites>FETCH-LOGICAL-c3279-9fedeeb616490fc1e22d1e8966e202cda177cb0f7fc87c921a50c3d3bd3a061b3</cites><orcidid>0000-0003-0419-4300 ; 0000-0001-9537-415X ; 0000-0002-8985-0639 ; 0000-0003-0034-2855</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://onlinelibrary.wiley.com/doi/pdf/10.1002%2Fspe.3329$$EPDF$$P50$$Gwiley$$Hfree_for_read</linktopdf><linktohtml>$$Uhttps://onlinelibrary.wiley.com/doi/full/10.1002%2Fspe.3329$$EHTML$$P50$$Gwiley$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,1417,27924,27925,45574,45575</link.rule.ids></links><search><creatorcontrib>Kjorveziroski, Vojdan</creatorcontrib><creatorcontrib>Bernad, Cristina</creatorcontrib><creatorcontrib>Gilly, Katja</creatorcontrib><creatorcontrib>Filiposka, Sonja</creatorcontrib><title>Full‐mesh VPN performance evaluation for a secure edge‐cloud continuum</title><title>Software, practice &amp; experience</title><description>The recent introduction of full‐mesh virtual private network (VPN) solutions which offer near native performance, coupled with modern encryption algorithms and easy scalability as a result of a central control plane have a strong potential to enable the implementation of a seamless edge‐cloud continuum. To test the performance of existing solutions in this domain, we present a framework consisted of both essential and optional features that full‐mesh VPN solutions need to support before they can be used for interconnecting geographically dispersed compute nodes. We then apply this framework on existing offerings and select three VPN solutions for further tests: Headscale, Netbird, and ZeroTier. We evaluate their features in the context of establishing an underlay network on top of which a Kubernetes overlay network can be created. We test pod‐to‐pod TCP and UDP throughput as well as Kubernetes application programming interface (API) response times, in multiple scenarios, accounting for adverse network conditions such as packet loss or packet delay. Based on the obtained measurement results and through analysis of the underlying strengths and weaknesses of the individual implementations, we draw conclusions on the preferred VPN solution depending on the use‐case at hand, striking a balance between usability and performance.</description><subject>Algorithms</subject><subject>Application programming interface</subject><subject>edge‐cloud continuum</subject><subject>Kubernetes</subject><subject>orchestration</subject><subject>Performance evaluation</subject><subject>Virtual private networks</subject><subject>Wireguard</subject><subject>ZeroTier</subject><issn>0038-0644</issn><issn>1097-024X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>24P</sourceid><sourceid>WIN</sourceid><recordid>eNp1kMtKAzEUhoMoWKvgIwy4cTP1JJlmJkspbVWKFrzgLmQyZ3TK3EwapTsfwWf0SUytW1cHfr7_HM5HyCmFEQVgF67HEedM7pEBBZnGwJLnfTIA4FkMIkkOyZFzKwBKx0wMyM3M1_X351eD7jV6Wt5GPdqys41uDUb4rmuv11XXRiGLdOTQeBvy4gVDx9SdLyLTteuq9b45Jgelrh2e_M0heZxNHyZX8eJufj25XMSGs1TGssQCMRdUJBJKQ5GxgmImhUAGzBSapqnJoUxLk6VGMqrHYHjB84JrEDTnQ3K229vb7s2jW6tV520bTioO6ViGLzMRqPMdZWznnMVS9bZqtN0oCmprSgVTamsqoPEO_ahq3PzLqfvl9Jf_AVoQbBQ</recordid><startdate>202408</startdate><enddate>202408</enddate><creator>Kjorveziroski, Vojdan</creator><creator>Bernad, Cristina</creator><creator>Gilly, Katja</creator><creator>Filiposka, Sonja</creator><general>Wiley Subscription Services, Inc</general><scope>24P</scope><scope>WIN</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>F28</scope><scope>FR3</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0003-0419-4300</orcidid><orcidid>https://orcid.org/0000-0001-9537-415X</orcidid><orcidid>https://orcid.org/0000-0002-8985-0639</orcidid><orcidid>https://orcid.org/0000-0003-0034-2855</orcidid></search><sort><creationdate>202408</creationdate><title>Full‐mesh VPN performance evaluation for a secure edge‐cloud continuum</title><author>Kjorveziroski, Vojdan ; Bernad, Cristina ; Gilly, Katja ; Filiposka, Sonja</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c3279-9fedeeb616490fc1e22d1e8966e202cda177cb0f7fc87c921a50c3d3bd3a061b3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Algorithms</topic><topic>Application programming interface</topic><topic>edge‐cloud continuum</topic><topic>Kubernetes</topic><topic>orchestration</topic><topic>Performance evaluation</topic><topic>Virtual private networks</topic><topic>Wireguard</topic><topic>ZeroTier</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Kjorveziroski, Vojdan</creatorcontrib><creatorcontrib>Bernad, Cristina</creatorcontrib><creatorcontrib>Gilly, Katja</creatorcontrib><creatorcontrib>Filiposka, Sonja</creatorcontrib><collection>Wiley Online Library (Open Access Collection)</collection><collection>Wiley Online Library Free Content</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ANTE: Abstracts in New Technology &amp; Engineering</collection><collection>Engineering Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Software, practice &amp; experience</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Kjorveziroski, Vojdan</au><au>Bernad, Cristina</au><au>Gilly, Katja</au><au>Filiposka, Sonja</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Full‐mesh VPN performance evaluation for a secure edge‐cloud continuum</atitle><jtitle>Software, practice &amp; experience</jtitle><date>2024-08</date><risdate>2024</risdate><volume>54</volume><issue>8</issue><spage>1543</spage><epage>1564</epage><pages>1543-1564</pages><issn>0038-0644</issn><eissn>1097-024X</eissn><abstract>The recent introduction of full‐mesh virtual private network (VPN) solutions which offer near native performance, coupled with modern encryption algorithms and easy scalability as a result of a central control plane have a strong potential to enable the implementation of a seamless edge‐cloud continuum. To test the performance of existing solutions in this domain, we present a framework consisted of both essential and optional features that full‐mesh VPN solutions need to support before they can be used for interconnecting geographically dispersed compute nodes. We then apply this framework on existing offerings and select three VPN solutions for further tests: Headscale, Netbird, and ZeroTier. We evaluate their features in the context of establishing an underlay network on top of which a Kubernetes overlay network can be created. We test pod‐to‐pod TCP and UDP throughput as well as Kubernetes application programming interface (API) response times, in multiple scenarios, accounting for adverse network conditions such as packet loss or packet delay. Based on the obtained measurement results and through analysis of the underlying strengths and weaknesses of the individual implementations, we draw conclusions on the preferred VPN solution depending on the use‐case at hand, striking a balance between usability and performance.</abstract><cop>Bognor Regis</cop><pub>Wiley Subscription Services, Inc</pub><doi>10.1002/spe.3329</doi><tpages>20</tpages><orcidid>https://orcid.org/0000-0003-0419-4300</orcidid><orcidid>https://orcid.org/0000-0001-9537-415X</orcidid><orcidid>https://orcid.org/0000-0002-8985-0639</orcidid><orcidid>https://orcid.org/0000-0003-0034-2855</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 0038-0644
ispartof Software, practice & experience, 2024-08, Vol.54 (8), p.1543-1564
issn 0038-0644
1097-024X
language eng
recordid cdi_proquest_journals_3075906486
source Access via Wiley Online Library
subjects Algorithms
Application programming interface
edge‐cloud continuum
Kubernetes
orchestration
Performance evaluation
Virtual private networks
Wireguard
ZeroTier
title Full‐mesh VPN performance evaluation for a secure edge‐cloud continuum
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T03%3A54%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Full%E2%80%90mesh%20VPN%20performance%20evaluation%20for%20a%20secure%20edge%E2%80%90cloud%20continuum&rft.jtitle=Software,%20practice%20&%20experience&rft.au=Kjorveziroski,%20Vojdan&rft.date=2024-08&rft.volume=54&rft.issue=8&rft.spage=1543&rft.epage=1564&rft.pages=1543-1564&rft.issn=0038-0644&rft.eissn=1097-024X&rft_id=info:doi/10.1002/spe.3329&rft_dat=%3Cproquest_cross%3E3075906486%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3075906486&rft_id=info:pmid/&rfr_iscdi=true