Network stack optimization for improved IPsec performance on Linux

Michael G. Iatrou, Artemios G. Voyiatzis, Dimitrios N. Serpanos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.

Original language: English
Title of host publication: ICETE 2009 - International Joint Conference on e-Business and Telecommunications
Pages: 83-91
Number of pages: 9
Publication status: Published - 1 Dec 2009
Externally published: Yes
Event: ICETE 2009 - International Joint Conference on e-Business and Telecommunications - Milan, Italy
Duration: 7 Jul 2009 - 10 Jul 2009

Other

Other: ICETE 2009 - International Joint Conference on e-Business and Telecommunications
Country: Italy
City: Milan
Period: 7/7/09 - 10/7/09

Fingerprint

Internet protocols
Virtual private networks
Cryptography
Throughput
Internet
Linux
Security protocols
Network optimization
World Wide Web
Connectivity

Keywords

  • IPsec
  • Linux
  • Performance
  • Networking
  • Security

ASJC Scopus subject areas

  • Business and International Management
  • Management of Technology and Innovation
  • Computer Networks and Communications

Cite this

Iatrou, M. G., Voyiatzis, A. G., & Serpanos, D. N. (2009). Network stack optimization for improved IPsec performance on Linux. In ICETE 2009 - International Joint Conference on e-Business and Telecommunications (pp. 83-91)
