Abstract
IPsec provides security services at the IP layer. The performance of IPsec is markedly decreased when it handles small packets. In this paper, we propose a method, IP packet concatenation (IPConc), to improve throughput of small packet processing. Our proposal reduces the number of packets and overall load for packet processing and IPsec processing. We implemented IPConc with Linux 2.4.17 and FreeS/WAN 1.95. The system which is enhanced by our proposal performed significantly better than original version. The throughput with 64 byte packets was increased as much as 250%.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Kohler, E., Morris, R., Chen, B., Jannotti, J.: The Click Modular Router. ACM Transactions on Computer Systems 18(3), 263–297 (2000)
Aron, M., Druschel, P.: Soft Timers - Efficient Microsecond Software Timer Support for Network Processing. ACM Transactions on Computer Systems 18(3), 197–228 (2000)
Miltchev, S., Ioannidis, S., Keromytis, A.D.: A Study of the Relative Costs of Network Security Protocols. In: The proceedings of the USENIX Annual Technical Conference (June 2002)
Kim, I., Moon, J., Yeom, H.Y.: Timer-Based Interrupt Mitigation for High Performance Packet Processing. In: International Conference on High- Performance Computing in the Asis-Pacific Region (September 2001)
Virtual Private Network Consortium, http://www.vpnc.org/
FreeS/WAN - Linux IPsec Implementation, http://www.freeswan.org/
Harkins, D., Carrel, D.: RFC 2409 The Internet Key Exchange (IKE)
Maughan, D., Schertler, M., Schneider, M., Turner, J.: RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)
Pereira, R.: RFC 2394 IP Payload Compression Using DEFLATE
Shacham, A., Monsour, B., Pereira, R., Thomas, M.: RFC 3173 IP Payload Compression Protocol (IPCOMP)
McDonald, D., Metz, C., Phan, B.: RFC 2367 PF KEY Key Management API, Version 2
Kent, S., Atkinson, R.: RFC 2401 Security Architecture for the Internet Protocol
Atkinson, R.: RFC 1827 IP Encapsulating Security Payload (ESP)
Atkinson, R.: RFC 1826 IP Authentication Header (AH)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Moon, J., Yeom, H.Y. (2003). IP Concatenation: The Method for Enhancement of IPsec Performance. In: Freire, M.M., Lorenz, P., Lee, M.MO. (eds) High-Speed Networks and Multimedia Communications. HSNMC 2003. Lecture Notes in Computer Science, vol 2720. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45076-4_37
Download citation
DOI: https://doi.org/10.1007/978-3-540-45076-4_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40542-9
Online ISBN: 978-3-540-45076-4
eBook Packages: Springer Book Archive