Add Results.tex for baseline profile
@@ -23,9 +23,9 @@ reproducible.
|
||||
Peer-to-peer architectures promise censorship-resistant, fault-tolerant
|
||||
infrastructure by eliminating single points of failure
|
||||
\cite{shukla_towards_2021}.
|
||||
These architectures underpin a growing range of systems---from IoT
|
||||
edge computing
|
||||
and content delivery networks to blockchain platforms like Ethereum.
|
||||
These architectures underpin a growing range of systems, from IoT
|
||||
edge computing and content delivery networks to blockchain platforms
|
||||
like Ethereum.
|
||||
Yet realizing these benefits requires distributing nodes across
|
||||
genuinely diverse hosting entities.
|
||||
|
||||
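Review bot: the only change in this hunk, at the "These architectures underpin" sentence, is a punctuation and rewrap edit to the introduction, which does not match the commit subject "Add Results.tex for baseline profile". Move the prose edits into their own commit with a message that describes them, so the history for the results file stays searchable.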
@@ -69,16 +69,15 @@ mesh VPNs enable direct peer-to-peer connectivity without requiring
|
||||
static IP addresses or manual firewall configuration.
|
||||
Each node receives a stable virtual address within the overlay network,
|
||||
regardless of its underlying network topology.
|
||||
This capability is transformative:
|
||||
it allows a device behind consumer-grade NAT to participate
|
||||
as a first-class peer in a distributed system,
|
||||
In practice, this means a device behind consumer-grade NAT can
|
||||
participate as a first-class peer in a distributed system,
|
||||
removing the primary technical advantage that cloud providers hold.
|
||||
|
||||
The Clan deployment framework builds on this foundation.
|
||||
Clan leverages Nix and NixOS to eliminate entire classes of
|
||||
configuration errors prevalent in contemporary infrastructure deployment,
|
||||
reducing operational overhead to a degree where a single administrator
|
||||
can reliably self-host complex distributed services.
|
||||
Clan uses Nix and NixOS to eliminate configuration drift and
|
||||
dependency conflicts, reducing operational overhead enough for a
|
||||
single administrator to reliably self-host complex distributed
|
||||
services.
|
||||
Overlay VPNs are central to Clan's architecture,
|
||||
providing the secure peer connectivity that enables nodes
|
||||
to form cohesive networks regardless of their physical location or
|
||||
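Review bot: the reworded Clan sentence now says Nix and NixOS "eliminate configuration drift and dependency conflicts", which is more specific and more absolute than the old "entire classes of configuration errors" and carries no \cite. Either cite a source for it or soften "eliminate" to "reduce"; the same applies to "removing the primary technical advantage that cloud providers hold" a few lines above, which is also uncited.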
@@ -92,10 +91,8 @@ During the development of Clan, a recurring challenge became apparent:
|
||||
practitioners held divergent preferences for mesh VPN solutions,
|
||||
each citing different edge cases where their chosen VPN
|
||||
proved unreliable or lacked essential features.
|
||||
These discussions were largely grounded in anecdotal evidence
|
||||
rather than systematic evaluation.
|
||||
This observation revealed a clear need for rigorous,
|
||||
evidence-based comparison of peer-to-peer overlay VPN implementations.
|
||||
These discussions were grounded in anecdotal evidence rather than
|
||||
systematic evaluation, motivating the present work.
|
||||
|
||||
\subsection{Related Work}
|
||||
|
||||
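Review bot: dropping "largely" from "were largely grounded in anecdotal evidence" turns a hedged observation into an absolute one that a single counterexample would contradict; keep the hedge. The replacement "motivating the present work" also removes the only statement in this paragraph of what the work is, so consider keeping a short form such as "motivating a systematic comparison of peer-to-peer overlay VPN implementations".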
@@ -122,9 +119,9 @@ Beyond filling this research gap, a further goal was to create a fully
|
||||
automated benchmarking framework capable of generating a public
|
||||
leaderboard, similar in spirit to the js-framework-benchmark
|
||||
(see Figure~\ref{fig:js-framework-benchmark}). By providing an
|
||||
accessible web interface with regularly updated results, we hope to
|
||||
encourage P2P VPN developers to optimize their implementations in
|
||||
pursuit of top rankings.
|
||||
accessible web interface with regularly updated
|
||||
results, the framework gives VPN developers a concrete, public
|
||||
baseline to measure against.
|
||||
|
||||
\section{Research Contribution}
|
||||
|
||||
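Review bot: the new ending calls the published results "a concrete, public baseline to measure against", while the unchanged sentence just above still describes "a public leaderboard"; use one term for the same artifact. The rewrite also drops "P2P" from "P2P VPN developers", which is inconsistent with the "peer-to-peer VPN" wording used elsewhere in the chapter.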
@@ -132,8 +129,8 @@ This thesis makes the following contributions:
|
||||
|
||||
\begin{enumerate}
|
||||
\item A comprehensive benchmark of ten peer-to-peer VPN
|
||||
implementations across seven workloads. Including real-world
|
||||
video streaming and package downloads; and four network
|
||||
implementations across seven workloads (including real-world
|
||||
video streaming and package downloads) and four network
|
||||
impairment profiles, producing over 300 unique measurements.
|
||||
\item A source code analysis of all ten VPN implementations,
|
||||
combining manual code review with LLM-assisted analysis,
|
||||
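Review bot: in the first \item, "over 300 unique measurements" does not follow from the figures next to it: ten implementations times seven workloads times four impairment profiles is 280. State what counts as one measurement, for example whether a baseline profile or several metrics per run are included, so the total can be checked.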
@@ -146,9 +143,9 @@ This thesis makes the following contributions:
|
||||
independent replication of all results.
|
||||
\item A performance analysis demonstrating that Tailscale
|
||||
outperforms the Linux kernel's default networking stack under
|
||||
degraded conditions, and that kernel parameter tuning; Reno
|
||||
congestion control in place of CUBIC, with RACK
|
||||
disabled; yields measurable throughput improvements.
|
||||
degraded conditions, and that kernel parameter tuning (Reno
|
||||
congestion control in place of CUBIC, with RACK
|
||||
disabled) yields measurable throughput improvements.
|
||||
\item The discovery of several security vulnerabilities across
|
||||
the evaluated VPN implementations.
|
||||
\item An automated benchmarking framework designed for public
|
||||
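Review bot: the parenthetical "(Reno congestion control in place of CUBIC, with RACK disabled)" does not say which hosts were tuned or what the tuned run is compared against, and joined to the Tailscale claim with "and that" it reads as if the tuning explains that result. Split the two findings into separate sentences and name the settings that were changed (if these are the ones used, the net.ipv4.tcp_congestion_control and net.ipv4.tcp_recovery sysctls) so the result can be replicated.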
@@ -225,7 +222,7 @@ This thesis makes the following contributions:
|
||||
\caption{Stage 8}
|
||||
\end{subfigure}
|
||||
|
||||
\caption{Visionary Webinterface to Setup a Clan Family Network}
|
||||
\caption{Planned web interface for setting up a Clan family network}
|
||||
\label{fig:vision-stages}
|
||||
\end{figure}
|
||||
|
||||
|
||||