TCP-GEN Framework to Achieve High Performance for HAIPE-Encrypted TCP Traffic in a Satellite Communication Environment

摘要

A satellite communication environment has a high latency and a high data error rate, and thus the performance of TCP is greatly impaired. To overcome this, Performance Enhancing Proxies (PEPs) are commonly deployed around the satellite links. However, the operation of PEPs is disabled when TCP traffic is encrypted by High Assurance Internet Protocol Encryptions (HAIPE). As a result the performance of the HAIPE-encrypted TCP traffic across satellite links becomes very low. Numerous approaches have been proposed to resolve this problem, but a practical solution is yet to be developed. In this research, we developed a method that can achieve the high performance offered by PEPs for HAIPE-encrypted TCP traffic across satellite links. This method encodes and relays the original TCP flow information across HAIPE without any modification to the existing HAIPE while preserving the same level of security. It then reconstructs new TCP streams and encapsulates HAIPE-encrypted original TCP packets in them. These new TCP streams can be natively handled by PEPs and thus the full TCP performance can be achieved. This method is also applicable to both IPv4 and IPv6. However, this scheme faces a challenge of handling TCP-over-TCP that suffers from a phenomenon called TCP meltdown. We propose a method that can prevent TCP meltdown and briefly describe it.