Real VPN Security on Satellite Internet
Virtual Private Networks consist of two or more computers or networks of computers that communicate securely with each other across an unsecured or public network such as the Internet. VPNs are established by using compatible encryption and decryption hardware or software at each end of the connection.
For various reasons, there is a constantly growing requirement from the business and government sectors to provide secure broadband data connections to their remote locations, including employee residences.
Secure access at useful speed is not available with traditional dialup access, and faster solutions are in ever-increasing demand. While DSL and cable Internet are clearly the most cost-effective solutions, DSL and cable do not reach approximately one-third of the remote locations that seek broadband service.
Two-way satellite Internet service is fast and reliable. It works very well for browsing, email, and most other Internet applications. The increasing need for broadband services, combined with very affordable solutions, is driving demand for satellite services across North America. However, VPN has typically had much lower performance (>70% degradation) than traditional web browsing or email over the same satellite link, due to factors discussed herein.
Background
In order to perform properly in conjunction with traditional terrestrial networks (Internet, intranet), satellite data networks must employ special techniques to deal with the increased latency caused by the 46,000-mile space segment of the connection. The increased latency is induced by the extra milliseconds required for data to travel the extra distance. While not related directly to speed, latency can cause a severe speed performance problem over satellite links if not handled properly.
TCP/IP is the “language” of the Internet. It works by sending packets of data, and then waiting for acknowledgments of receipt. These acknowledgments signal the sender to transmit more packets. If an acknowledgement does not arrive in a timely manner, TCP assumes the packet was lost or discarded due to network congestion and the packet is resent. TCP then slows the speed at which packets are being sent in order to avoid retransmission.
TCP works by starting a TCP/IP session slowly. Speed builds as the network's capacity to carry traffic is verified by the rate of the acknowledgments. This effect is known as slow-start. Since TCP was designed for terrestrial networks that have less latency than a satellite network, the longer satellite latency (650-700ms range for the Skycasters network) causes TCP to expect an acknowledgment before the round trip to the remote site can be completed. TCP interprets the additional satellite link latency as network congestion. If uncorrected, this effect causes all additional packets to be sent at the slow-start rate.
In all current-generation satellite data networks, IP acceleration (IP spoofing) compensates for the space-link transit time. Spoofing is accomplished by special equipment at the carrier's main satellite hub site. This equipment masquerades as the remote location while acting as a relay or forwarder for data packets going to and from the remote satellite location. When the spoofing equipment receives Internet traffic destined for a remote satellite location, it acknowledges receipt of the packet so more data packets will follow immediately. In this manner, the latency is "hidden" because the acknowledgments are returned rapidly. As a result, TCP moves out of slow-start mode quickly and builds to the highest possible speed.
The acceleration equipment watches for real acknowledgements coming back from the remote site and suppresses them. If the acknowledgement is not received from the remote site, the system automatically re-sends the packet from its buffer. Thus, satellite-connected sites communicate seamlessly with servers on the terrestrial Internet.
In a VPN-over-satellite session, the packets are encrypted and, therefore, can only be acknowledged by the VPN client software at the remote site – not by the spoofing equipment. Spoofing is bypassed. Consequently, acknowledgments are delayed and the slow-start data rate remains in place during the entire session. This results in substantial performance degradation. VPN over satellite may be approximately as fast as dial-up, but it is not the robust multi-user broadband experienced when web browsing or using email over the same satellite link.
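The slow-start and spoofing behaviour described above can be put into numbers with a small model. The following Python is an added illustration, not Skycasters code or a measurement of their network: it ramps a congestion window once per round trip, caps it at a receive window, and compares a plain TCP session (which the hub can acknowledge over the short terrestrial round trip and then buffer across the satellite) with a VPN session (whose encrypted packets only the remote endpoint can acknowledge, so every doubling costs the full end-to-end round trip). The 50 ms terrestrial RTT, 64 KB window, 1 MB download and 1.5 Mbit/s link are constructed assumptions; the 700 ms satellite RTT is the upper end of the range quoted on this page.

```python
# Added illustration (not from Skycasters): a toy model of TCP slow-start over
# a high-latency link, comparing a plain TCP session the hub can ACK on the
# sender's behalf ("spoofing") with a VPN session whose encrypted packets only
# the remote endpoint can ACK. All link numbers below are constructed assumptions.

MSS = 1460  # bytes of payload per TCP segment (typical Ethernet MSS)


def slow_start_transfer_time(total_bytes, rtt_s, max_cwnd_segments, init_cwnd=1):
    """Return (seconds, rtt_count) to deliver total_bytes under slow-start.

    Model: the sender transmits cwnd segments, then waits one RTT for ACKs;
    cwnd doubles each RTT until capped at max_cwnd_segments (receive window
    or bandwidth-delay product). Loss, congestion avoidance and ACK clocking
    within an RTT are ignored; this isolates the effect the page describes.
    """
    sent = 0
    cwnd = init_cwnd
    rtts = 0
    while sent < total_bytes:
        sent += cwnd * MSS
        rtts += 1
        cwnd = min(cwnd * 2, max_cwnd_segments)
    return rtts * rtt_s, rtts


def serialization_floor(total_bytes, link_bps):
    """Minimum time the link itself needs to carry the bytes, regardless of TCP."""
    return total_bytes * 8 / link_bps


def vpn_vs_spoofed(total_bytes, terrestrial_rtt_s, satellite_rtt_s,
                   max_cwnd_segments, link_bps):
    """Compare transfer time with hub-side ACK spoofing against a VPN session.

    Spoofed: the hub answers ACKs over the short terrestrial RTT, so the
    sender ramps quickly; the hub then buffers and forwards at link rate, and
    the data still crosses the satellite once (half the satellite RTT).
    VPN: the hub cannot read sequence numbers inside the encrypted payload,
    so every ACK must travel end to end and each doubling costs a full RTT.
    Returns (vpn_seconds, spoofed_seconds, fractional_degradation).
    """
    floor = serialization_floor(total_bytes, link_bps)

    end_to_end_rtt = terrestrial_rtt_s + satellite_rtt_s
    vpn_time, _ = slow_start_transfer_time(total_bytes, end_to_end_rtt, max_cwnd_segments)
    vpn_time = max(vpn_time, floor)

    ramp_time, _ = slow_start_transfer_time(total_bytes, terrestrial_rtt_s, max_cwnd_segments)
    spoofed_time = max(ramp_time, floor) + satellite_rtt_s / 2

    degradation = 1 - spoofed_time / vpn_time
    return vpn_time, spoofed_time, degradation


if __name__ == "__main__":
    # Constructed scenario: 1 MB download, 50 ms terrestrial RTT between the
    # hub and the origin server, 700 ms satellite RTT (upper end of the
    # 650-700 ms range quoted on the page), a classic 64 KB receive window
    # (44 segments of 1460 bytes) and a 1.5 Mbit/s satellite link.
    vpn, spoofed, loss = vpn_vs_spoofed(1_000_000, 0.05, 0.70, 44, 1_500_000)
    print(f"VPN over satellite : {vpn:6.2f} s")
    print(f"spoofed (plain TCP): {spoofed:6.2f} s")
    print(f"VPN degradation    : {loss:6.1%}")
```

With these assumptions the VPN session spends 21 round trips at 750 ms ramping and draining the window (about 15.8 s), while the spoofed session is limited only by the link rate plus one satellite crossing (about 5.7 s), roughly a 64% loss; the exact figure moves with window size and file size, which is why the page quotes a range rather than a constant. The model also makes the security-relevant boundary explicit: ACK spoofing needs the TCP header in the clear, so a transport that encrypts only the application payload (TLS over TCP) still benefits from it, whereas a VPN that encapsulates the whole inner packet hides the TCP sequence and acknowledgment numbers from the hub and forces the end-to-end behaviour modelled here.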
There are several solutions available to provide the security of the VPN, while maintaining the performance of the unencrypted link.
Please review the Encore & Hosted VPN pages for a full review of these solutions, or contact us to discuss your unique situation with a Sales Engineer.