VPN access technology is developing rapidly and faces many challenges, so I have studied how it can cope with the bandwidth challenge and would like to share the results here; I hope they will be useful to you. A VPN (Virtual Private Network) is of great help and considerable economic significance for large cross-regional enterprises that use ERP, MRP and other information management systems simultaneously. However, because of traffic restrictions, VPN access also faces a shortage of network bandwidth. Many enterprises now use ADSL for network access, and because of technical restrictions on the ADSL line, the uplink speed of a single line can only reach several hundred kb. An enterprise information system with a large amount of data needs bidirectional information flow, with both upload and download being fast, so a single ADSL line may not be able to cope. As a result, there is strong demand for a technology that leaves the original ADSL lines in place and still effectively improves the performance of the VPN system: multi-channel bundling, which is now very mature in China.
Benefits
Multi-line bundling not only helps users greatly increase bandwidth and network speed, but also enhances system stability and facilitates network operation and maintenance. Currently, most VPN systems use a single line at the headquarters to handle the data from several or even dozens of branches and mobile users. On asymmetric lines such as ADSL in particular, the uplink bandwidth is narrow to begin with, so the headquarters line is overwhelmed by the data volume. To solve this bandwidth imbalance, some enterprises have to apply for a high-speed dedicated line at their headquarters, which is costly. VPN access technology supports bundling lines of different kinds. Users can apply for multiple dynamic-IP ADSL Internet connections, or combine ADSL with other broadband lines or even wireless connections. Through the multi-line firewall/NAT module, the multiple lines can also be used for ordinary Internet access, doubling the speed of accessing the Internet.
Another advantage of multi-line bundling concerns availability. With a single line, an interruption paralyzes the entire system, because the stability of the VPN system depends on the stability of the line itself. With multi-line bundling, especially across lines of different kinds, data can be switched seamlessly to the remaining normal lines when any line fails, ensuring the continuous and reliable operation of the entire system. Good VPN routers further implement QoS management for multiple Internet lines and intelligently allocate load according to the bandwidth of each line to maximize bandwidth utilization.
Problem
On the surface, multi-line bundling seems to be an ideal technology, but it is difficult to implement. Data must be transmitted on multiple lines at the same time, so how can we ensure that a single business data stream is not affected when it is distributed across different lines? For example, when video data is sent over several Internet lines, the receiving end must put the data back into an accurate and valid sequence and restore it to its state before sending.
Line interruption and recovery are another problem that must be solved. Once a line fails, the data it carried must be switched seamlessly to other lines without affecting the business. Similarly, after the line is restored, the system must be able to establish a VPN tunnel on the newly recovered line and readjust the load-balancing policy. Because Internet connection methods are diverse, users tend to apply for lines from different carriers to further enhance system stability, so lines of different kinds (such as ADSL, broadband, DDN, etc.) need to be bundled and their bandwidth stacked.
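A receive-side reorder buffer of the kind this problem calls for, as an added example that is not taken from any product the article mentions. It assumes each tunnel packet carries a sequence number; the window size and the arrival orders are constructed.

```python
# Added example: packet numbering and arrival orders are constructed.
class Resequencer:
    """Receive-side reorder buffer for one tunnel spread over several lines."""

    def __init__(self, window=4):
        self.window = window   # max distance a packet may run ahead
        self.next_seq = 0      # next sequence number owed to the application
        self.pending = {}      # seq -> payload, held until deliverable

    def push(self, seq, payload):
        """Accept one packet; return the payloads now deliverable in order."""
        if seq < self.next_seq or seq in self.pending:
            return []          # duplicate or too late: never deliver twice
        self.pending[seq] = payload
        out = []
        floor = seq - self.window + 1
        if floor > self.next_seq:
            # The gap is older than the window (for example its line
            # failed): stop waiting and flush what is held below the floor.
            for s in sorted(k for k in self.pending if k < floor):
                out.append(self.pending.pop(s))
            self.next_seq = floor
        while self.next_seq in self.pending:
            out.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        return out


def deliver(arrivals, window=4):
    """Feed sequence numbers in arrival order; return the delivery order."""
    rx = Resequencer(window)
    delivered = []
    for seq in arrivals:
        delivered.extend(rx.push(seq, seq))
    return delivered


if __name__ == "__main__":
    print(deliver([0, 2, 1, 4, 3]))     # two lines with different latency
    print(deliver([0, 1, 3, 4, 5, 6]))  # packet 2 lost with a failed line
```

The bounded window keeps the buffer from growing without limit when a line fails: once a later packet runs a full window ahead, the missing number is skipped instead of being waited for indefinitely.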
Combination
You can bind multiple lines on a VPN router in several ways: bind multiple ADSL lines, bind multiple optical fiber lines, or bind optical fiber lines together with ADSL lines. This kind of bundle adds bandwidth; it is not a line backup. Some products list the following in their specifications: "Multi-channel bundling is supported, and mutual backup is also supported ......" In fact, this sentence should be read as two separate features, because two ADSL lines cannot back each other up while they are used in multi-channel bundling mode, just as two hard disks striped with RAID 0 cannot provide RAID 1 backup. In actual use, after two lines are bundled, the upstream and downstream traffic cannot reach the effect of 1 + 1 = 2. The same applies to more than 2 lines. The reasons are as follows:
Before each packet is transmitted, one of the lines must be selected for it. This selection is the router's scheduling and allocation process: the router assigns each packet to a line according to a preset algorithm and certain conditions (these conditions are usually not fixed). The process occupies the router's CPU and takes a certain amount of time. The time per packet is very short, but across a large number of packets it becomes considerable. In addition, the processing capability of low-end routers is still relatively limited, so this resource consumption cannot be ignored. If you compare two bundled 2 M lines with a single 4 M line, you will find that the two bundled 2 M lines are not faster than the 4 M line; one important factor is the scheduling of data packets on the VPN router, which delays data forwarding.
The capacity of a RAID 0 array is determined by the smaller hard disk, because data is read and written on both disks at the same time. Multi-channel bundling in a VPN has a similar property: if the bandwidth of the two lines is different, that is, one line has more bandwidth and the other less, the situation is more complicated. If the router still distributes data packets to two lines at a ratio of, the line with the larger bandwidth finishes sending while the line with the smaller bandwidth is still busy, so the larger line has to wait for the smaller one, which reduces efficiency. Therefore, many VPN routers that support asymmetric multi-channel bundling allow the proportion of router scheduling allocation to be set; for example, when you connect a 1 Mbit/s ADSL to a 2 Mbit/s ADSL, you can set this ratio to so that the bandwidth of the two lines can be fully utilized. Of course, because the ratio of data distribution is not perfect:, and the actual traffic of the two lines is not accurate:, broadband resources are still not fully utilized, so the actual effect of bundling a 1 M and a 2 M ADSL line is still less than that of a 3 M line. When two lines are bundled, the bandwidth obtained for downloads and uploads is also different. On upload, data is transmitted on both lines simultaneously, which can be understood as 1 + 1 = 2. On download, however, the other party does not know which lines you have bundled and cannot control how its packets are distributed, so each time the other party sends packets, one of the lines undertakes the receiving task. In this case, the effect of bundling two 1 M lines is about 1 M, that is, 1 + 1 = 1. Therefore, it is not correct to treat multi-channel bundling simply as the superposition of bandwidth.
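The scheduling effects described above can be reproduced with a small simulation. This is an added example, not code from any router: the packet size, the per-packet scheduling cost and the smooth weighted round-robin algorithm are assumptions, and the bandwidth-proportional weights in the "tuned" case are this example's choice.

```python
# Added example: line speeds, weights and costs below are constructed.
from dataclasses import dataclass

PACKET_BITS = 1500 * 8  # assumed fixed packet size


@dataclass
class Line:
    name: str
    bps: float            # uplink bandwidth, bit/s
    weight: int           # share configured on the router
    credit: int = 0       # smooth weighted round-robin state
    free_at: float = 0.0  # when the line finishes its queued packets
    sent: int = 0


def pick(lines):
    """Smooth weighted round-robin: most accumulated credit wins."""
    total = sum(l.weight for l in lines)
    for l in lines:
        l.credit += l.weight
    best = max(lines, key=lambda l: l.credit)
    best.credit -= total
    return best


def simulate(specs, packets, sched_cost=0.0):
    """Upload `packets` packets; return (effective bit/s, packets per line).

    specs: (name, bps, weight) tuples. sched_cost: seconds the router
    spends choosing a line per packet (dispatch is serial).
    """
    lines = [Line(*spec) for spec in specs]
    for i in range(packets):
        ready = (i + 1) * sched_cost
        line = pick(lines)
        line.free_at = max(line.free_at, ready) + PACKET_BITS / line.bps
        line.sent += 1
    finish = max(l.free_at for l in lines)
    return packets * PACKET_BITS / finish, {l.name: l.sent for l in lines}


if __name__ == "__main__":
    equal = [("adsl_1m", 1e6, 1), ("adsl_2m", 2e6, 1)]
    tuned = [("adsl_1m", 1e6, 1), ("adsl_2m", 2e6, 2)]
    for label, specs, cost in (("equal", equal, 0), ("tuned", tuned, 0),
                               ("tuned, slow CPU", tuned, 0.005)):
        rate, split = simulate(specs, 3000, cost)
        print(f"{label:16} {rate / 1e6:.2f} Mbit/s {split}")
```

With equal shares the 1 M + 2 M bundle uploads at about 2 Mbit/s because the faster line idles; with proportional shares it approaches 3 Mbit/s, and any per-packet scheduling cost pulls it back below that figure.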
Security
When multiple lines are connected at the same time, the LAN has multiple channels connected to the Internet, which gives network attacks and viruses more points of entry. Therefore, many VPN routers integrate professional firewall functions directly: they not only support bundling multiple lines for Internet access and intelligently and dynamically allocating bandwidth, but also defend against attacks arriving over any of the lines.
Because many VPN networks are very large, the question of internal member permissions is also very complicated. Some good VPN products can therefore strictly limit, in detail, the resources each member may access in order to eliminate these security risks. For example, the Sinfor DLAN solution can set different access permissions for each user: some users can access only the inventory system of the headquarters and cannot access the financial system. Giving different VPN users access to different resources avoids the security risks caused by VPN users holding excessive permissions.
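A default-deny per-user permission check with an audit for over-broad grants, as an added example that is not the configuration format of Sinfor DLAN or any other product. The user names, addresses (documentation range 192.0.2.0/24) and ports are constructed.

```python
# Added example: users, addresses and ports are constructed.
import ipaddress

net = ipaddress.ip_network

# Headquarters resources: name -> (host network, service port).
RESOURCES = {
    "inventory": (net("192.0.2.10/32"), 8443),
    "finance": (net("192.0.2.20/32"), 8443),
}

# Per-user grants: (network, port); port None means any port.
GRANTS = {
    "branch-clerk": [(net("192.0.2.10/32"), 8443)],
    "contractor": [(net("192.0.2.0/24"), None)],
}


def authorize(user, dst, port, grants=GRANTS):
    """Default deny: allow only if an explicit grant covers dst and port."""
    addr = ipaddress.ip_address(dst)
    return any(addr in gnet and gport in (None, port)
               for gnet, gport in grants.get(user, []))


def broad_grants(grants=GRANTS, resources=RESOURCES):
    """Map each user holding a multi-host or any-port grant to the
    named resources that grant reaches."""
    findings = {}
    for user, rules in grants.items():
        for gnet, gport in rules:
            if gnet.num_addresses > 1 or gport is None:
                reach = {name for name, (rnet, rport) in resources.items()
                         if rnet.subnet_of(gnet) and gport in (None, rport)}
                findings.setdefault(user, set()).update(reach)
    return {user: sorted(names) for user, names in findings.items()}


if __name__ == "__main__":
    print(authorize("branch-clerk", "192.0.2.10", 8443))  # inventory
    print(authorize("branch-clerk", "192.0.2.20", 8443))  # finance
    print(broad_grants())
```

Running the audit over the grant table before deployment surfaces users such as the constructed "contractor" entry, whose subnet-wide grant reaches the financial system as well as the inventory system.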