Improving VPN performance over multiple access links

To improve the performance of VPN connections we investigate how the bandwidth of multiple access links can be aggregated with inverse multiplexing to create a single, higher capacity logical communication link. But achieving the maximum possible aggregated TCP throughput becomes extremely challenging if the underlying links either use different technologies (e.g., DSL, cable modem) or suffer different or time-varying communication characteristics (e.g., available bandwidth, packet loss rate). To maximize VPN throughput we have constructed a system that combines two distinct innovations. First, we continuously measure the communication characteristics of the underlying component links in our aggregate and dynamically assign packets to each link in proportion to its available capacity. Second, we modify TCP congestion control across the inverse-multiplexed access hop to avoid rate decreases normally initiated by the delayed acknowledgments often triggered when using legacy TCP on multiple heterogeneous paths. We describe the systempsilas implementation, the test environment we built on Emulab, and show that when access links form the communication bottleneck in the end-to-end connection we can significantly increase VPN performance over conventional approaches.