NETWORK STACK OPTIMIZATION FOR IMPROVED IPSEC PERFORMANCE ON LINUX

被引：0

作者：

Iatrou, Michael G. ^{[1
]}

Voyiatzis, Artemios G. ^{[1
]}

Serpanos, Dimitrios N. ^{[1
]}

机构：

[1] Univ Patras, Dept Elect & Comp Engn, GR-26504 Patras, Greece

来源：

SECRYPT 2009: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY | 2009年

关键词：

IPsec; Performance; Petworking; Security; Linux;

D O I：

暂无

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.

引用

页码：83 / 91

页数：9

共 50 条

[21] The Research and Design for IPSec Protocol based on Embedded Linux OS over IPv6
Chen, Xiaodan
Yue, Qiang
Su, Limin
MECHANICAL ENGINEERING AND INTELLIGENT SYSTEMS, PTS 1 AND 2, 2012, 195-196 : 1111 - +
[22] GSM and GPRS performance of IPSEC data communication
Me, Gianluigi
Italiano, Giuseppe F.
Spagnoletti, Paolo
E-BUSINESS AND TELECOMMUNICATION NETWORKS, 2006, : 125 - +
[23] Research on Security Solutions of Softswitch Network based on IPSec
Mao, Jiangkun
Xu, Yufeng
ADVANCES IN MECHATRONICS, AUTOMATION AND APPLIED INFORMATION TECHNOLOGIES, PTS 1 AND 2, 2014, 846-847 : 1660 - 1663
[24] Implementation of Virtual Private Network based on IPSec Protocol
Wu, Jianwu
2009 ETP INTERNATIONAL CONFERENCE ON FUTURE COMPUTER AND COMMUNICATION (FCC 2009), 2009, : 138 - 141
[25] EFFICIENCY NETWORK REGULATED BY LINUX
Slovacek, Dan
Janovic, Filip
EIGHTH INTERNATIONAL CONFERENCE ON SOFT COMPUTING APPLIED IN COMPUTER AND ECONOMIC ENVIRONMENTS, 2010, : 35 - 41
[26] Extending a campus network with remote bubbles using IPsec
Bonnet, A
Lobelle, M
ADVANCES IN NETWORK AND DISTRIBUTED SYSTEMS SECURITY, 2001, 78 : 139 - 151
[27] Design of IPSec Virtual Private Network For Remote Access
Deshmukh, Dnyanesh
Iyer, Brijesh
2017 IEEE INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION AND AUTOMATION (ICCCA), 2017, : 716 - 719
[28] PERFORMANCE EVALUATION FOR LINUX UNDER SYN FLOODING ATTACKS
Oshima, Shunsuke
Nakashima, Takuo
INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2009, 5 (03): : 555 - 565
[29] Translating a Legacy Stack to Microservices Using a Modernization Facade with Performance Optimization for Container Deployments
Mahanta, Prabal
Chouta, Suchin
ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS, OTM 2019, 2020, 11878 : 143 - 154
[30] Memory-Aware Fair-Share Scheduling for Improved Performance Isolation in the Linux Kernel
Kim, Jungho
Shin, Philkyue
Kim, Myungsun
Hong, Seongsoo
IEEE ACCESS, 2020, 8 : 98874 - 98886

← 1 2 3 4 5 →