Research And Implementation Of High Performance VPN Gateway Based On DPDK

Comparing with dedicated Virtual Private Network(VPN)gateway device,software VPN gateway deployed on a generic server has an advantage in price,flexibility and adaptability to new technologies.Therefore,it has great significance to improve its perforemance to deal with increasing VPN traffic.This paper dedicates to improve performance of software VPN gateway by increasing its throughput,packet forwarding rate and reducing its latency.First of all,to solve inefficent network processing problem of generic server kernel,this paper studies the application of Data Plane Development Kit(DPDK)and userspace protocol stack in VPN gateway.Comparing with the traditional method,this paper designs a DPDK-based framework for software VPN gateway which implements userspace driver,uses poll mode to receive and send packets,creates its custom userspace stack and implements connection forwarding function and proxy forwarding function in userspace.To implement connection forwarding function in userspace,this paper optimizes the Patricia tree based routing lookup algorithm by removing the opration for mask so that the lookup ends when the leaf is found and does not need backtracing.The optimized algorithm is more suitable for VPN routing lookup.The expriments show that the algorithm is flexible and faster under a condition that a few users disperse to many network segments.Then,this paper proposes a improved method for this algorithm based on the features of VPN gateway.The method is dividing the searching into two stages.The first stage is to find network segment by using the Patricia tree.The second stage is to find the target virtual IP by using a hash table.The expriments show the method has a higher performance under a condition that a lot users concentrate in a few network segments.To implement proxy forwarding function in userspace,this paper studies userspace network address translation(NAT).This paper describes the core of the NAT by mapping and proposes a NAT core algorithm.On the basis of the algorithm,this paper designs a userspace NAT implementation which records the NAT rules by two hash tables,implements source address translation for outgoing packets,implements destination address translation for ingoing packets and implements timeout removing for NAT rules.The BPHash is chosen as its hash function by an expriment.Then,a test is made and verifies that the design can implement the function of userspace NAT.Finally,on the basis of the researches above,this paper designs and implements a software VPN gateway based on DPDK and tests it with other five software VPN gateways.The test results show that the performance of software VPN gateway based on DPDK is superior to other five software VPN gateways in system thoughput,packet forwarding rate and transmission latency,especially under the circumstance of short packet payload.