Sitemap   Search   Contact Hifn  
Home      Company Info      Technology      Products      Sales      Support
    Home : Technology : LZS Compression
LZS Compression

Applications

WiMAX

 

Hifn Technology

HIPP

HIPP II

HIPP III

HSP

LZS Compression

Flow Classification

Pattern Matching
 
Compressing data

From Telephony Magazine
 

Virtual private network data compression is vital for improved throughput

- Jonathon Corgan*


Related Products
Related Documents
LZS TLS White Paper
How LZS Data Compression Works


Network service providers and enterprise network managers face the same sticky problem: how to overcome bottlenecks to increase throughput of information over virtual private networks (VPNs). Bandwidth bottlenecks typically occur at points of traffic concentration.

A significant amount of VPN bandwidth originates either from telecommuters and mobile workers or from branch offices or business partners. Sometimes, the bottleneck occurs at a server farm located at an application or network service provider. But wherever high concentrations of VPN traffic occur, a significant load is placed on the processing devices.

Effectively, the load placed on a networking device or a VPN is the total amount of IPSec bandwidth needing to be processed. This bandwidth is the number of traffic packets per second that need to be encrypted and authenticated and the number of individual user sessions that need to be maintained. In addition to the total traffic load, the maintenance of each individual user session -- for example, for each remote worker -- places an additional overhead on the system, and contributes overall to the amount of processing that can be sustained.

The processing requirements of VPNs are significant relative to traditional WAN networking, or even IP networking, that doesn't involve the various functions and technologies of a VPN. The encryption, packet authentication, and packet compression of a VPN can entail 50 or even 100 times more work per packet than processing over a non-VPN WAN (Figure 1). Clearly, then the overall performance of a system, and in particular, the ability of devices at the boundaries of a VPN to process the VPN traffic, will be heavily influenced by their having the horsepower to implement these computationally intensive functions.

In addition, data compression is a vital element in VPN services for making data packets as small as possible. Compression is not a cryptographic function like encryption and authentication. However, it is highly desirable for VPNs that use IPsec encryption and/or authentication.

To the service provider, data compression provides four primary benefits, which in turn, are passed on to the VPN user.

· First, compressed packets consume less bandwidth.
· Next, compression reduces the latency of packets as they traverse the network, since packet length is shorter.
· Thirdly, performance is significantly enhanced.
· And lastly, applying compression to the data before it is encrypted improves its resistance to cryptanalysis. Cryptanalysis is the process of attempting to find a shortcut method, not envisioned by the designer, for decrypting an encrypted message when the key used to encrypt the message is not known.

When IP data is being encrypted or authenticated according to the IPsec standard, header information must be added to the original IP packet. This increases the size of the packet and often splits or fragments a packet into two parts. As will be discussed later in more detail, enlarged packets, beyond the normal size of negotiated maximum transmission units (MTU) can degrade performance because of the additional header bytes and subsequent packet fragmentation.

On the other hand, by compressing IP packets, a VPN system can minimize or avoid this performance loss. However, it is important to know that once data is encrypted, the ability to compress it is virtually zero.

Performance Hits

When IP security is applied to a data packet, the packet grows in length. An Ethernet packet, for instance, is 1500 bytes. Once it is encrypted, it becomes larger than the 1500 bytes.

Once the packet is enlarged, it is no longer possible to transmit it through the network. Hence, it is split into two packets, a process known as IP fragmentation. As shown in Figure 2, the original packet may be 1490 bytes. It increases to 1544 bytes after new IP and Encapsulation Security Payload (ESP) headers, trailer information, and MAC value are added, thus increasing the original packet by 54 bytes. Consequently, the original packet must be split or fragmented into two packets. This fragmentation adds complexity and increases the chances of packet loss since losing a single fragment means losing the whole packet.

The receiving node collects all

In Hifn's LZS compression, the repetitive characters must be within about 2,000 characters (2,048 bytes) of each other. It is true that if Hifn used a larger chunk of text it would achieve more compression, but it would also slow down the process.

The strength of LZS is that it produces an optimum combination of compression and performance. LZS achieves "lossless compression" which simply means no data is lost during compression and decompression. Lossless compression reduces data typically by about 1/2 - but nothing is ever lost. With LZS, customers achieve acceleration without deterioration.

*Jonathon Corgan is VPN Business Staff Consultant, VPNet Technologies, Inc.