NETWORK STACK OPTIMIZATION FOR IMPROVED IPSEC PERFORMANCE ON LINUX

被引:0
|
作者
Iatrou, Michael G. [1 ]
Voyiatzis, Artemios G. [1 ]
Serpanos, Dimitrios N. [1 ]
机构
[1] Univ Patras, Dept Elect & Comp Engn, GR-26504 Patras, Greece
来源
SECRYPT 2009: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY | 2009年
关键词
IPsec; Performance; Petworking; Security; Linux;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.
引用
收藏
页码:83 / 91
页数:9
相关论文
共 50 条
  • [1] Analysis of the possibilities of using IPSec on a Linux system for wireless networks
    Janczuk, Marcin
    Sawicki, Daniel
    PHOTONICS APPLICATIONS IN ASTRONOMY, COMMUNICATIONS, INDUSTRY, AND HIGH-ENERGY PHYSICS EXPERIMENTS 2018, 2018, 10808
  • [2] Measuring the Cost of the Linux Network Stack in Real-Time
    Miola, Davide
    Risso, Fulvio
    Parola, Federico
    2024 IEEE 10TH INTERNATIONAL CONFERENCE ON NETWORK SOFTWARIZATION, NETSOFT 2024, 2024, : 295 - 303
  • [3] Optimizations for High-Performance IPsec Execution
    Iatrou, Michael G.
    Voyiatzis, Artemios G.
    Serpanos, Dimitrios N.
    E-BUSINESS AND TELECOMMUNICATIONS, 2011, 130 : 199 - 211
  • [4] The internals of advanced interrupt handling techniques: Performance optimization of an embedded Linux network interface
    Spanos, Stergios
    Meliones, Apostolos
    Stassinopoulos, George
    COMPUTER COMMUNICATIONS, 2008, 31 (14) : 3460 - 3468
  • [5] IPsec for high speed network links: Performance analysis and enhancements
    Ullah, Sami
    Choi, Joontae
    Oh, Heekuck
    FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2020, 107 : 112 - 125
  • [6] A Secure Neighborhood Area Network Using IPsec
    Aouini, Imen
    Ben Azzouz, Lamia
    Saidane, Leila Azzouz
    2016 INTERNATIONAL WIRELESS COMMUNICATIONS AND MOBILE COMPUTING CONFERENCE (IWCMC), 2016, : 102 - 107
  • [7] PERFORMANCE INVESTIGATION OF IPSEC PROTOCAL OVER IPv6 NETWORK
    Wen, Xin
    Xu, Changqiao
    Guan, Jianfeng
    Su, Wei
    Zhang, Hongke
    PROCEEDINGS OF THE 2010 INTERNATIONAL CONFERENCE ON ADVANCED INTELLIGENCE AND AWARENESS INTERNET, AIAI2010, 2010, : 174 - 177
  • [8] Improved IPsec performance utilizing transport-layer-aware compression architecture
    Li, Jung-Shian
    Hsieh, Che-Jen
    Chang, Chih-Ying
    Chilamkurti, Naveen
    SECURITY AND COMMUNICATION NETWORKS, 2011, 4 (09) : 1063 - 1074
  • [9] Network processor architecture for IPSec
    Han, M
    Kim, J
    Sohn, S
    6TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS 1 AND 2, PROCEEDINGS: BROADBAND CONVERGENCE NETWORK INFRASTRUCTURE, 2004, : 485 - 487
  • [10] Analysis and implementation of custom cipher algorithm for IPsec under Linux OS
    Veinovic, Mladen
    Jevremovic, Aleksandar
    Simic, Goran
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2008, 8 (07): : 80 - 86
12345