Classification
Available PEP implementations use different methods to enhance performance.
- Proxy Type: A PEP can either 'split' a connection or 'snoop' into it. In the first case, the proxy pretends to be the opposite endpoint of the connection in each direction, literally splitting the connection into two. In the latter case, the proxy controls the transmissions of the TCP segments in both direction, by ack filtering and reconstruction in the existing connection (see protocol spoofing). This is based on the OSI level of implementation of the PEP.
- Distribution: PEPs can be either integrated or distributed. Integrated PEP will run on a single box, while distributed PEP will require to be installed on both sides of the link that cause the performance degradation. This is quite common in commercial PEP devices, which act as a black box, using more or less open protocols to communicate between them in the place of TCP.
- Symmetry: A PEP implementation may be symmetric or asymmetric. Symmetric PEPs use identical behavior in both directions, the actions taken by the PEP occur independent from which interface a packet is received. Asymmetric PEPs operate differently in each direction, which can cause, for example, only one link direction performance to be enhanced.
Read more about this topic: Performance Enhancing Proxy