Adaptive VPN Bonding Technique for Enhancing Dual-SIM Mobile Internet Access Francesco Beritelli∗ , Aurelio La Corte∗ , Grazia Lo Sciuto‡ , Corrado Rametta∗ , Francesco Scaglione∗ ∗ Dep. of Electrical, Electronics and Informatics Engineering, University of Catania, Italy ‡ Department of Engineering, Roma Tre University, Italy Abstract—Mobile Internet access networks are not designed and a remote command and control and/or monitoring node. As to support real-time data traffic because of several drawbacks to the costs/benefits balance, the proposed method on the one concerning the wireless medium such as resource sharing, traffic hand requires a dual RF module, but on the other hand it is also congestion, radio link coverage etc., which impact directly such true that nowadays HSPA or LTE modems have become very parameters as delay, jitter, and packet loss rate that are strictly cheap and common and there are a lot of free and open source connected to the quality of user experience. While in a fixed operative systems allowing the implementation of advanced network scenario the gap is reduced arbitrarily by an appropriate dimensioning of the characteristics of ADSL access in terms of networking functions such as load balancing techniques, VPN guaranteed minimum bandwidth or MCR (minimum cell rate), creation and bonding, network performance evaluation and so in a cellular network scenario the quality of service over IP is on. greatly reduced due to strong current limitations in terms of the The paper is structured as follows: Section II describes requirements regarding delay and guaranteed bandwidth that the possible applications and contexts where the proposed cannot be arbitrarily decided. The main scope of the present approach can offer considerable benefits in terms of reliability paper is to introduce a dual USIM HSPA access point thanks to and efficiency and gives an overview on the overall system; which it will be possible to guarantee a QoS suitable for a series Section III presents the end-to-end bandwidth measurement al- of network-centric application such as real-time communications gorithm and the adaptive weight assignment procedure; Section and monitoring, video surveillance, real-time sensor networks, IV reports the performance results of a real test bed; finally, telemedicine, vehicular and mobile sensor networks and so on. The main idea is to exploit multiple radio access networks in in Section V conclusions are drawn. order to enhance the available end-to-end bandwidth and the perceived quality of experience. The scope has been reached by combining multiple radio access with dynamic load balancing II. S CENARIO and the VPN bond technique. Wireless sensor networks and internet of things have be- come very commonly used technologies enabling a large num- I. I NTRODUCTION ber of applications and services in everyday life. Usually the The rapid and continuous consolidation of Mobile Inter- architecture of the above cited networks is based on a certain net access request together with the significant increase of number of sensors and devices that communicate among them mobile services provided by third and fourth generation (3G, and towards a critical device called sink that has the scope HSPA, LTE) networks, have recently created the conditions of collecting data from the devices for monitoring, control, for a considerable expansion of mobile IP applications and statistics, etc. Often the sink is designed to communicate via services. Mobile IP networks are not designed to support real- Internet to a remote command and control position where a time and/or time-critical traffic because of several drawbacks user can operate over the network. With this scope, the sink concerning the wireless medium [1]: resource sharing, traffic provides the functionality of gateway with the external IP congestion, radio link coverage etc., which impact directly world. Regarding this aspect, the gateway is equipped with such parameters as delay, jitter, and packet losses. These are Ethernet, wifi, or 3G/4G interfaces in order to communicate the main causes of quality degradation of numerous services with the IP world according to the applicative scenario for over the PSTN. In recent works the authors have introduced which the ad hoc network has been conceived. In particular, a dual streaming (or packet duplication) approach to mitigate when the sensor network or the IoT network are deployed for the degradation of speech quality [2] in a scenario of dual-SIM command and/or control, monitoring, surveillance or similar VoIP services over 3G-HSPA [3], [4]. use in mobile or vehicular contexts and a fixed wide area In the present paper, the authors propose a multiple SIM network connection is not available, it is mandatory to provide Access Point exploiting VPNs bond of two cellular radio a stable, reliable and effective wireless connection towards access connections coupled with an adaptive load balancing the remote server in order to guarantee the required QoS algorithm based on real time evaluation of the available end- for time-critical and real time applications (see e.g. highly to-end bandwidth offered by two different network operators. computationally costly applications [5]–[12], or distributed The authors propose a trivial prototype in order to evaluate services [13]). the effectiveness of the proposed solution in terms of the With this aim the authors propose a Dual SIM 3G/4G enhancement of both the instantaneous available bandwidth wireless access point that acts as the sink for the sensor and connection availability between the mobile access point network and, at the same time, acts as gateway towards the IP core network. To guarantee QoS for time critical and real time Copyright c 2016 held by the authors. applications, the proposed device offers two main features: 47  Fig. 2. VPNs bond architecture.  Fig. 1. Scenario overview. two connections and the perceived end-to-end bandwidth is equal to the one offered by the best network operator. Instead, 1) a VPN bonding between the two radio access the use of the VPNs bond technique permits to enhance the connections, thanks to which it is possible to obtain available end-to-end bandwidth also in the case of only one a bandwidth almost equal to the sum of the two data flow from the source node, i.e. the gateway of the ad hoc available end-to-end bandwidths; network, and the destination, i.e. the remote command and control position. 2) a dynamic load balancing algorithm, which is a The VPNs bonding consists in unifying two or more layer process that establishes the weights the device gives 2 connections in order to be able to assign to one data flow a to the two different radio connections during the bandwidth ideally equal to the sum of the bandwidth offered movement of the mobile sink/gateway on the base by single L2 connections. This technique is well known and of the instantaneous available end-to-end bandwidth widely employed in the field of Ethernet switches where it is offered by the two different network operators. possible to unify two or more L2 interfaces to guarantee a larger point-to-point bandwidth in the core network. It has been observed that in this first phase of the present In the present use case, the procedure consists in the research the weights are established in order to maximize the creation of a VPN between each 3G/4G interface and the cumulative bandwidth but as a future work the authors will end point of the communication, i.e. the remote server. Once implement a more complex algorithm able to dynamically established the two VPNs it is possible to make the bonding calculate the VPN weights based on the traffic typology (voice, of the latter in order to establish a large bandwidth connection file transfer, best effort, etc.) and the related parameters that between source and destination nodes (see fig. 2). Usually the directly impact on the quality of experience of the end user VPNs bond technique is coupled with a trivial load balancing willing to use the service. algorithm that consists in assigning static and equal weights to each L2 connection. III. A RCHITECTURE AT A G LANCE In case of L2 switches or DSL modem/routers this ap- proach represents a good solution because the network con- The smart gateway proposed by the authors is based on ditions are similar for each interface and they remain almost a well-known technique called VPNs bond, usually employed constant in time. Let us suppose that the two available con- in the Ethernet switch and extended to the cellular domain nections provide a bandwidth equal to 2 Mbps; in such a case to counteract some drawbacks connected to the radio access a trivial load balancer will assign weights equal to 1 to each technology. Due to the application of VPNs bond it is possible connection and the system will provide a bandwidth equal to to balance the data load among the available network interfaces 4 Mbps. but, for the sake of clarity, it should be highlighted that this Now, supposing that at a time t the connection number 1 technique is much more flexible if compared to the common provides a bandwidth equal to 2 Mbps whereas the connection load balancing algorithms; in fact, the latter permit to split number 2 offers a bandwidth equal to 1 Mbps. Under this the data connection between the source and the destination by condition, if the load balancing algorithm maintains constant using the available connections and according to the weights weights, by using a simple round robin mechanism, the con- assigned to each interface. In such a way, the effectiveness of nection 2 will represent a bottleneck for the system because the mechanism is obtained only when there are more than one the overall available end-to-end bandwidth will not be equal end-to-end connection between the sender and the receiver. to the sum of the two bandwidths but it will be equal to twice In case there is only a data flow towards the remote server, that of the worst connection. load balancing permits to assign the data stream to one of the In a wireless scenario characterized by the high variability 48  Fig. 4. One way delay values of the ith packet train in the SLoPS technique  Fig. 3. The prototype employed for our test bed. IV. A DAPTIVE W EIGTH A SSIGNEMENT of radio coverage, different traffic conditions, handover proce- The proposed algorithm can be summarized in three steps: dures, and mobility, each radio interface equipped with the 1) Bandwidth measuremet for each available radio data related SIM - performs according to the infrastructure and the connection; load conditions set by its operator. Under these conditions, a static weights assignment would result in a drastic reduction 2) Results analysis and weight evaluation to establish in performance where the worst connection would act as a and set up the VPN bond parameters; bottleneck for the whole system. With the aim of overcoming this limit, the authors propose a mechanism of real time 3) Periodic performance evaluation to determinate the bandwidth evaluation to establish each time and for each L2 most suitable weight for each mobile connection. connection the weights to assign to the VPNs bond, thus maximizing the transmission rate towards the destination node. As to the first step, i.e. the end-to-end bandwidth evalua- In the next sections the adaptive load balancing algorithm tion, it is carried out via the Self Loading of Periodic Streams will be described and the first performance evaluation of a (SloPS) technique [17]–[19]. The latter is based on a client- trivial prototype will be presented. server application: the sender process runs on the multi-SIM access point whereas the receiver process runs on a remote host, which, in the present architecture, is the remote gathering A. Description of the prototype node of the sensor data network. The above mentioned architecture is suitable in case the To prove the effectiveness of our proposal we realized mobile hot spot has to send data towards a remote sink a prototype by using a small form factor system boards collecting sensor data; however, if the time-critical application optimized for wireless routing and network applications, is based on the transmission from the remote host to the mobile an ALIX2D2 board [14], equipped with a 500 MHz AMD network the upload bandwith will be taken into consideration. Geode LX800 CPU and 256 MB DDR DRAM on board; The working principle of the Self Loading of Periodic two USB Internet keys have been used to provide cellular Streams is very simple: it is based on the periodic transmission connectivity and the two devices have been equipped with of packet streams from the source to the destination and on the two SIMs of two different network operators, that we will consequent measure of the One Way Delay (OWD), which is define as Operator 1 and Operator 2 in the following sections; the time interval between the transmission of the data packet ZeroShell [15] and OpenVPN [16] has been used as operative and its reception at the receiver side. system and VPN manager respectively, whereas proprietary The number of packets transmitted increases until the scripts has been realized by using bash and python language growing one way delay; when this happens it means that the to evaluate the available end-to-end bandwidth between the packet transmission rate is greater than the available bandwidth couples source-destination and, consequently, to establish the provided by the radio access network. Fig. 4 shows the weights to assign to each VPN in order to maximize the above mentioned procedure: when the transmission rate (R) is overall performance of the prototype. compatible with the available bandwidth (A), i.e. R < A, the For the aim of clarity, the same hardware and software one way delay shows an almost constant trend; however, when have been employed to evaluate the performance of the the packet rate from the source to the destination is greater standard static weights assignment procedure without using, than the available bandwidth, i.e. R > A, the one way delay obviously, the scripts for the dynamic evaluation of the VPN increases because of the TCP congestion window mechanism. weights. A picture of the hardware employed to realize our The measurement is obtained by the iterative sending of prototype is shown in fig. 3. a series of K packets of L bit each of which is transmitted during an interval of T seconds. In such a way the transmission 49 Fig. 5.   Countryside route of the test bed. rate is equal to R = L/T [bit/s]. Each packet of the series 3) The iterative process ends when (Rmax −Rmin ) < w, has a timestamp to indicate when the data packet has been where w indicates the value depending on the pre- created and sent to the receiver node. Once the destination node cision of the bandwidth evaluation procedure (obvi- receives the packets stream it compares the arrival time (Ai ) ously, the greater the w the less accurate evaluation and the sending time (Si ) of the packets in order to calculate but, at the same time, the faster the convergence the one way delay of the ith stream, i.e. Di = Ai Si . period required by the algorithm). The sender and the receiver communicate according to the client-server paradigm in order to establish the available The above mentioned algorithm runs for each radio access bandwidth. When the one way delay at the destination side connection and converges to the actually available end-to-end increases, in fact, the receiver process notifies the sender that bandwidth. When the process ends, the bandwidth values are behaves as follows: communicated to the adaptive load balancing process that updates the VPNs bond weights as follows: a If R(i) < A, the source process will send the a the VPN weight of the worst connection is set equal following packets stream at R(i + 1) > R(i); to 1; b If R(i) > A, the source process will send the b the VPN weight of the best connection is set equal following packets stream at R(i + 1) < R(i); to Abetter /Aworst ; Furthermore, the rate of the stream (i + 1) is established as in case the bandwidth offered by one of the two operators is follows [10]: equal to 0, e.g. because of a lack of radio coverage, the whole traffic is routed to the active connection. 1) Two start parameters, Rmin ed Rmax , are initial- ized equal to zero and equal to the ideal maximum V. P ERFORMANCE EVALUATION throughput provided by the connection Rmax ; In the above sections some problems have been illustrated o If R(i) < A then Rmin = R(i); that arise when a mobile wireless sensor networks have to be o If R(i) > A then Rmax = R(i); connected to a remote command and control server by using the public 3G or 4G radio network. 2) R(i + 1) = (Rmax − Rmin )/2; In order to overcome such drawbacks as connection inter- ruption, lack of bandwidth, delay in performance, jitter and 50  Fig. 6. Throughput comparison Single operators and static bond.  Fig. 8. Static scheme vs. Adaptive scheme. first part of the test bed the two network operators have similar performances in terms of available end-to-end bandwidth; in the second part the Operator 2 performs better that the Operator 1. When the first case appears both static and adaptive bonding perform well outperforming the performance of the two single operators; static and adaptive approaches show almost the same behavior. When the second case appears, the performance of the static bonding mechanism is drastically worse than the proposed adaptive approach and, furthermore, the VPNs bonding provides an end-to-end bandwidth lower than the one offered by the best single network operator, in such a case the Operator 2. More in detail, during the sink movement the network  Fig. 7. Throughput comparison Single operators and adaptive bond. operator 2 delivers better performance respect with the network operator 1. In such a case, the VPNs bond and the static load balancing algorithm does not perform as expected and the packet loss rate not compatible with time critical applications, dual SIM gateway behaves similarly to the worst of the two a smart dual SIM sink/gateway based on multiple radio ac- network operators (the throughput should be double the worst cess, VPN bonding and adaptive load balancing between the connection but the overhead due to the establishment of the two available connections is proposed. VPNs, i.e. the overhead related to the establishment of SSH The present section will prove the effectiveness of the tunnel among the two radio network interfaces and the remote proposed solution showing the results obtained during our test server, drastically reduces the effective available bandwidth.); bed. We performed two campaigns of simulation, the first has in fact, the load balancing algorithm splits into two equal flows been realized in a countryside scenario as shown in fig. 5, the original one, assigning to each connection the amount of the second has been realized by moving the prototype in an data to transmit equal to the available bandwidth offered by urban scenario as shown in fig. 10; for each test bed 15 data the worst operator, the latter representing, the bottleneck of the transfers from the mobile sink/gateway to the remote C2 have system. In such a case, the VPN bond coupled with the static been performed; during the test bed it has been evaluated: load balancing does not offer any performance enhancement because of the incorrect assignment of bond weights. - the throughput for each cellular operator; Fig. 7 indicates the results obtained by the proposed cellular bonding prototype with the use of the adaptive load - the throughput obtained by using the dual SIMs balancing algorithm in order to counteract the drawbacks VPNs bonding with static weights assignment; related to the variability of the end-to-end bandwidth offered by each radio operator during the movement of the mobile - the throughput obtained by using the bond of the two sink/gateway. The mobile sink/gateway was moved following VPNs coupled with the adaptive weights assignment the same route. It clearly appears that the cellular bonding and load balancing. almost always outperforms the best cellular operator; however, when this does not happen it is due to the convergence time In fig. 6 and fig. 7, referring to the static and the adaptive of the adaptive weights algorithms. Also, this case highlights weights assignment respectively in the extra-urban scenario, it that the final end-to-end bandwidth is not equal to the sum of is possible to notice that two different conditions appear: in the all bandwidths because of the presence of the overhead due to 51 Fig. 10.   Urban route of the test bed. weights assignment respectively in the urban scenario, it is possible to notice that three different conditions appear: in the first part of the test bed one of the two operator goes down because of lack of radio coverage or network congestion; in the second phase Operator 1 and Operator 2 have almost the same performance, and the same condition appear at the end of the test bed; in the third phase of the test bed Operator 1 performs better than Operator 2. When the first condition appear, the use of the VPNs bond technique and the use of two or more network accesses guarantees a seamless connectivity between the source and the destination if compared to the use of only one radio interface. More in detail when one of the two operators goes down the VPNs bond performs as the only working operator and the prototype behaves every time like a common single stream   device equipped with the USIM belonging to the best network operator, i.e. the operator offering the best connectivity at the Fig. 9. Average end-to-end bandwidth comparison. given time. Static and adaptive approaches behaves in the same manner and the performance delivered by the VPN bond coupled with the implementation of the VPNs and their bonding. the static load balancing between the two available connections In the fig. 8 the behaviour of static and dynamic weights is satisfactory in the above mentioned scenarios; however, is presented, whereas in the fig. 9 the average end-to-end when the performances of the two radio access networks are bandwidths of the two schemes and of the single operators different the adaptive scheme appropriately adjust the weights are compared. As we can see, the VPNs bond with adaptive assigned to the VPNs (see fig. 13) and it outperforms the static weights assignment outperforms the static assignment scheme one as shown in fig. 14. Finally, when the available bandwidth by almost 60% showing the effectiveness of the proposed solu- offered by each operator is almost equal, the adaptive scheme tion in vehicular applications such as telemedicine, telemetry, converges to the static one assigning the same weight to remote command and control, etc... the two connections and the two approaches show equal In fig. 11 and fig. 12, referring to the static and the adaptive 52  Fig. 11. Throughput comparison Static scheme.  Fig. 13. Weights assigned to each VPN by the Adaptive scheme.  Fig. 12. Throughput comparison Adaptive scheme.  Fig. 14. Static scheme vs. Adaptive scheme. performance. Under this condition, the dynamic assignment of the weight to each connection of the VPN bonding plays a key role in exploiting the best connection available at the given time. VI. C ONCLUSION Performance evaluation of the prototype shows the effective- The present paper proposes a dynamic VPNs bonding and ness of our approach in terms of instantaneous throughput. load balancing techniques between two or more available radio Considering the future work, the authors of the present paper access connections. are currently working on a device that is able to calculate the dynamic weights of the load balancing algorithm based on the kind of data traffic the sink/gateway has to transmit or receive The approach is based on a smart gateway and the typical from the remote command and control station. scenario is based on the following applications: mobile wire- less sensor networks, IoT networks, local area networks for R EFERENCES time critical or real time communications. The first approach permits us to enhance the available end- [1] A. Lamba, J. Yadav, and G. U. Devi, “Analysis of technologies in 3g and 3.5g mobile networks,” in International Conference on Communication to-end bandwidth and the reliability of the connection between Systems and Network Technologies (CSNT), 11-13 May, 2012, 2012, the sink and the remote position; the second step consists pp. 330–333. in the dynamic weights calculation to be assigned to each [2] S. Jadhav, H. Zhang, and Z. Huang, “Performance evaluation of quality connection in order to maximize the cumulative end-to-end of voip in wimax and umts,” in IEEE 12th International Conference bandwidth. In fact, Mobile IP networks are not designed to on Parallel and Distributed Computing, Applications and Technologies support real-time and/or time-critical traffic because of several (PDCAT), 2011. drawbacks concerning the wireless medium, such as resources [3] F. Beritelli, A. Gallotta, and C. Rametta, “A dual streaming approach for speech quality enhancement of voip service over 3g networks,” in sharing, traffic congestion, radio link coverage etc., which IEEE Digital Signal Processing (DSP), 1-3 July 2013, 2013, pp. 1–5. impact directly such parameters as bandwidth, delay, jitter, and [4] F. Beritelli and C. Rametta, “Hsdpa dual streaming approach for packet losses that are the main causes of quality degradation improving voip speech quality in forensic applications,” in IEEE 9th of numerous services over the PSTN. International Symposium on Communications Systems Networks and 53 Digital Signal Processing (CSNDSP) 2014, 23-25 July 2014, Manch- ester, UK, 2014. [5] G. Pappalardo and E. Tramontana, “Automatically discovering design patterns and assessing concern separations for applications,” in Proceed- ings of ACM Symposium on Applied Computing (SAC), Dijon, France, April 2006, pp. 1591–1596. [6] C. Napoli, G. Pappalardo, E. Tramontana, and G. Zappala, “A Cloud- Distributed GPU Architecture for Pattern Identification in Segmented Detectors Big-Data Surveys,” The Computer Journal, 2014. [7] C. Napoli, G. Pappalardo, and E. Tramontana, “An agent-driven se- mantical identifier using radial basis neural networks and reinforcement learning,” in XV Workshop ”From Objects to Agents” (WOA), vol. 1260. Catania, Italy: CEUR-WS, September 2014. [8] C. Napoli, G. Pappalardo, E. Tramontana, R. Nowicki, J. Starczewski, and M. Woźniak, “Toward work groups classification based on prob- abilistic neural network approach,” in Proceedings of International Conference on Artificial Intelligence and Soft Computing (ICAISC), ser. Springer LNCS, Zakopane, Poland, June 2015, vol. 9119, pp. 79–89. [9] C. Napoli, G. Pappalardo, E. Tramontana, Z. Marszałek, D. Połap, and M. Woźniak, “Simplified firefly algorithm for 2d image key-points search,” in Symposium on Computational Intelligence for Human- like Intelligence (CHILI), ser. Symposium Series on Computational Intelligence (SSCI). IEEE, 2014, pp. 118–125. [Online]. Available: http://dx.doi.org/10.1109/CIHLI.2014.7013395 [10] M. Woźniak, D. Połap, M. Gabryel, R. Nowicki, C. Napoli, and E. Tramontana, “Can we process 2d images using artificial bee colony?” in Proceedings of International Conference on Artificial Intelligence and Soft Computing (ICAISC), ser. Springer LNCS, Zakopane, Poland, June 2015, vol. 9119, pp. 660–671. [11] G. Capizzi, G. Lo Sciuto, C. Napoli, E. Tramontana, and M. Woźniak, “Automatic classification of fruit defects based on co-occurrence matrix and neural networks,” in Proceedings of IEEE Federated Conference on Computer Science and Information Systems (FedCSIS), Lodz, Poland, September 2015, pp. 873–879. [12] M. Woźniak, C. Napoli, E. Tramontana, G. Capizzi, G. Lo Sciuto, R. Nowicki, and J. Starczewski, “A multiscale image compressor with rbfnn and discrete wavelet decomposition,” in Proceedings of IEEE International Joint Conference on Neural Networks (IJCNN), Killarney, Ireland, July 2015, pp. 1–7, DOI: 10.1109/IJCNN.2015.7280461. [13] G. Borowik, M. Woźniak, A. Fornaia, R. Giunta, C. Napoli, G. Pap- palardo, and E. Tramontana, “A software architecture assisting workflow executions on cloud resources,” International Journal of Electronics and Telecommunications, vol. 61, no. 1, pp. 17–23, 2015. [14] “http://www.pcengines.ch/alix.htm.” [15] “http://www.zeroshell.net.” [16] “Openvpn: Building and integrating virtual private networks,” in Markus Feilner, Packt Publishing Ltd, 11 mag 2006, 2006. [17] J. Manish and C. Dovrolis, “Pathload: a measurement tool for end-to- end available bandwidth,” in Passive and Active Measurements (PAM) Workshop, 2002. [18] C. Manish, J.and Dovrolis, “End-to-end available bandwith: Mea- surements, methodology, dynamic and relation with tcp throughput,” IEEE/ACM Transactions on Networking, 2003. [19] R. S. Prasad, M. Murray, Dovrolis, and C. K. Claffy, “Bandwith estimation: metrics, measurement techniques and tools,” IEEE Network, 2003. 54