Development History of VPN Technology

Author: Arade

Along with the sixth great speed-up of China's railway, We are ushered in the advent of the power D era. The high-speed trains provide a fast way for our daily trips and greatly shorten the long journey time.

Similarly, VPN is an important "Railway" for commercial users to establish network connections ". One IPSec VPN is deployed in various regions, and users are connected in different regions. Various application systems, such as OA, ERP, MIS, and CRM, are like a train that passes through the backbone.

Just as passengers often complain about train delays, many users are not satisfied with the speed of VPN. Many application systems are slow in the VPN network and cannot even be used normally, which greatly compromises the effect of VPN.

As the speed of the Chinese railway increases, is the IPSec VPN used to solve the interconnection between networks upgrading and upgrading? I tried to review the technical development of VPN over the past few years and hope to provide you with a VPN progress history:
First Acceleration

Data Compression and encapsulation are the first major acceleration of IPSec VPN. The traditional IPSec VPN re-encrypts and encapsulates plaintext data packets and introduces new redundant data. As a result, the transmission efficiency of the traditional IPSec VPN is only 70%-80% of the plaintext transmission efficiency, this affects the user access experience. After using the traditional IPSec VPN, the user feels "the network speed is slowing down ". However, by compressing the data and headers at the application layer, the transmission performance of the IPSec VPN is much faster than that of the physical bandwidth, especially when files such as documents and reports are transmitted, the transmission efficiency is greatly improved. The user feels that the network speed is faster ".

Currently, data compression and encapsulation technologies have been popularized in many innovative IPSec VPN technologies, such as Cisco LZS compression technology and Sangfor LZO technology, the file transmission efficiency is increased by 10%-30%, and the acceleration effect is obvious compared with other VPNs without relevant technologies.
Second Acceleration

Multi-line multiplexing and smart routing technology enable a second acceleration for the VPN network. Multi-line multiplexing technology means that some VPN devices can support multiple Wan lines at the same time. For example, users can apply for two or four 2 m ADSL lines at the same time, at a low cost, the Internet bandwidth is 4-10 m. By bundling multiple lines into a high-bandwidth line, the multiplexing technology provides bandwidth assurance for users. At the same time, the multi-line backup technology can ensure the high availability of the line. Even if one or more lines fail, as long as one line is smooth, the user's business will not be interrupted.

In addition, some users' branches are located all over the country. However, due to the restrictions of China's North-South Telecom, their branches located in the North can only apply for China Netcom lines, while those in the south can only apply for China Telecom lines. Intelligent Routing technology provides a solution to this problem. You only need to apply for two lines of China Telecom and China Netcom at the Headquarters and implement them through the smart routing technology of VPN. When the branch is connecting to the headquarters for VPN, you can intelligently select the corresponding line of the Headquarters for access, and the data packets sent back from the Headquarters network will also be returned from the fastest line. Without the need to purchase specialized Server Load balancer equipment, users can increase the network access speed across carriers and solve the bandwidth bottleneck problem of interconnection between China Southern Telecom and North China Netcom.

However, this technology cannot solve all problems. First, some users can only apply for one carrier line at the headquarters, which is common in some provinces and cities. In addition, the application for multiple lines incurs additional costs.

Can I solve the speed problem between China North and South Telecom without applying for any additional lines? Not long ago, a new technology was born, and it is likely to trigger a speed revolution in the VPN field.

Third Acceleration

Technically, most data transmission over the Internet is achieved through the TCP protocol. TCP is a connection-oriented protocol. For each data packet sent from the source end, it needs to receive the confirmation data packet returned by the target end to ensure the reliability of data transmission. With the help of the TCP Window transmission mechanism, the TCP protocol operates smoothly in a network environment with high bandwidth and low latency, such as a LAN. However, when cross-carrier transmission, such as communication between China Telecom and China Netcom, or from Mainland China to Hong Kong, Macao, Taiwan, or other countries outside China, the packet loss rate between carriers is frequent, even if the bandwidth at both ends of the network is sufficient, the transmission performance will be greatly reduced.

We know that packet loss has a huge impact on the efficiency of TCP protocol. Even for 10 m public network lines, when the packet loss rate reaches 1%, the actual available bandwidth is less than M. for users, the network speed has slowed down to an intolerable level. For enterprise users, the enterprise has already paid a huge fee for the public network cable. However, due to packet loss and other problems, the bandwidth is not guaranteed and the investment income is very low.

The D series VPN product that is deeply convinced to support the Flash Link technology is a product specifically developed for cross-carrier networking issues. On the Internet, users establish an encrypted tunnel through the VPN device. The Flash Link technology re-encapsulates the data in the tunnel and uses the FLK protocol to replace the TCP protocol for data transmission, in the extended tunnel, the FLK protocol is restored to the TCP protocol. Because the sliding window is optimized and the retransmission mechanism is improved, the FLK protocol is very suitable for environments with severe packet loss, such as cross-carrier data transmission, this allows your network applications to experience well in harsh network environments. At the same time, the FLK protocol is an extension of the TCP protocol, which is mainly optimized in the data section of the data packet. On the one hand, the D series VPN can transmit and communicate over the Internet through the FLK Protocol, and on the other hand, because of the general protocol headers, the FLK protocol can smoothly penetrate the NAT device, which ensures that the D series VPN devices can communicate normally regardless of the location on the Intranet.

The D series VPN greatly improves cross-carrier transmission for applications including C/S, B/S, and VoIP. Through the D series VPN Network on the Internet, the interconnection speed between the Telecom and China Netcom can be 2-5 times faster than before the acceleration, the effect is very good.

As an important device deployed on users' cutting-edge networks, VPN is responsible for Connecting Local Networks and protecting application data. How to choose a VPN that is technically advanced and can solve users' actual problems, it has plagued many users. This article hopes to provide a reference for all users who are interested in VPN technology through the introduction of VPN technology trends to facilitate our selection.