Network stack optimization for improved IPsec performance on Linux

Michael G. Iatrou, Artemios G. Voyiatzis, Dimitrios N. Serpanos

Research output: Contribution to conferencePaper

Abstract

Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.

Original languageEnglish
Pages83-91
Number of pages9
Publication statusPublished - 1 Dec 2009
EventICETE 2009 - International Joint Conference on e-Business and Telecommunications - Milan, Italy
Duration: 7 Jul 200910 Jul 2009

Other

OtherICETE 2009 - International Joint Conference on e-Business and Telecommunications
CountryItaly
CityMilan
Period7/7/0910/7/09

    Fingerprint

Keywords

  • IPsec
  • Linux
  • Performance
  • Petworking
  • Security

ASJC Scopus subject areas

  • Business and International Management
  • Management of Technology and Innovation
  • Computer Networks and Communications

Cite this

Iatrou, M. G., Voyiatzis, A. G., & Serpanos, D. N. (2009). Network stack optimization for improved IPsec performance on Linux. 83-91. Paper presented at ICETE 2009 - International Joint Conference on e-Business and Telecommunications, Milan, Italy.