NETWORK STACK OPTIMIZATION FOR IMPROVED IPSEC PERFORMANCE ON LINUX

被引:0
作者
Iatrou, Michael G. [1 ]
Voyiatzis, Artemios G. [1 ]
Serpanos, Dimitrios N. [1 ]
机构
[1] Univ Patras, Dept Elect & Comp Engn, GR-26504 Patras, Greece
来源
SECRYPT 2009: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY | 2009年
关键词
IPsec; Performance; Petworking; Security; Linux;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.
引用
收藏
页码:83 / 91
页数:9
相关论文
共 50 条
  • [41] Research on Linux Network Device Driver
    刘天华
    朱宏峰
    赵麟
    陈枭
    常桂然
    周传生
    Journal of China Ordnance, 2006, (02) : 151 - 156
  • [42] The Virtual Enterprise Network based on IPSec VPN Solutions and Management
    Rosu, Sebastian Marius
    Popescu, Marius Marian
    Dragoi, George
    Guica, Ioana Raluca
    INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2012, 3 (11) : 26 - 34
  • [43] Network Interface Grouping in the Linux Kernel
    Dogaru, Vlad
    Purdila, Octavian
    Tapus, Nicolae
    PROCEEDINGS OF ICNS 2011: THE SEVENTH INTERNATIONAL CONFERENCE ON NETWORKING AND SERVICES, 2011, : 131 - 135
  • [44] IXP2400 network processor architecture for IPSEC application
    Han, Minho
    Kim, Kiyoung
    Jang, Jongsoo
    Proceedings of the Ninth IASTED International Conference on Internet and Multimedia Systems and Applications, 2005, : 28 - 31
  • [45] On the effectiveness of Linux containers for network virtualization
    Calarco, G.
    Casoni, M.
    SIMULATION MODELLING PRACTICE AND THEORY, 2013, 31 : 169 - 185
  • [46] Improved IPSec tunnel establishment for 3GPP-WLAN interworking
    Samoui, S.
    El Bouabidi, I.
    Obaidat, M. S.
    Zarai, F.
    Hsiao, K. F.
    Kamoun, L.
    INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2015, 28 (06) : 1180 - 1199
  • [47] Real-time performance evaluation of Linux ARM virtualization
    Gu, Feng
    Hu, Fei
    Chen, Haopeng
    ENERGY SCIENCE AND APPLIED TECHNOLOGY, 2016, : 401 - 407
  • [48] The I/O performance evaluation of a Linux-based network-attached storage device
    Sun, ZY
    Dong, YG
    Wu, JL
    Jia, HB
    Feng, GP
    ADVANCED OPTICAL STORAGE TECHNOLOGY, 2002, 4930 : 313 - 318
  • [49] Receive CPU Selection Framework Cross-Layer Optimization In Network Stack to Improve Server Scalability
    He, Jiaquan
    Chen, Yu
    Zhang, Yong
    Xing, Chunxiao
    2015 12TH WEB INFORMATION SYSTEM AND APPLICATION CONFERENCE (WISA), 2015, : 334 - 339
  • [50] Treating the Storage Stack Like a Network
    Stefanovici, Ioan
    Schroeder, Bianca
    O'Shea, Greg
    Thereska, Eno
    ACM TRANSACTIONS ON STORAGE, 2017, 13 (01)
12345