Network stack optimization for improved IPsec performance on linux

Michael G. Iatrou, Artemios G. Voyiatzis, Dimitrios N. Serpanos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.

Original language: English
Title of host publication: SECRYPT 2009 - International Conference on Security and Cryptography, Proceedings
Pages: 83-91
Number of pages: 9
Publication status: Published - 1 Dec 2009
Externally published: Yes
Event: SECRYPT 2009 - International Conference on Security and Cryptography - Milan, Italy
Duration: 7 Jul 2009 → 7 Oct 2009

Other

Other: SECRYPT 2009 - International Conference on Security and Cryptography
Country: Italy
City: Milan
Period: 7/7/09 → 7/10/09

Fingerprint

Internet protocols
Virtual private networks
Cryptography
Throughput
Internet
Linux

Keywords

  • IPsec
  • Linux
  • Performance
  • Networking
  • Security

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems
  • Software
  • Control and Systems Engineering

Cite this

Iatrou, M. G., Voyiatzis, A. G., & Serpanos, D. N. (2009). Network stack optimization for improved IPsec performance on linux. In SECRYPT 2009 - International Conference on Security and Cryptography, Proceedings (pp. 83-91)

@inproceedings{7be78100fb674dc9bac8bd86bfc94f26,
title = "Network stack optimization for improved IPsec performance on linux",
keywords = "IPsec, Linux, Performance, Networking, Security",
author = "Iatrou, {Michael G.} and Voyiatzis, {Artemios G.} and Serpanos, {Dimitrios N.}",
year = "2009",
month = "12",
day = "1",
language = "English",
isbn = "9789896740054",
pages = "83--91",
booktitle = "SECRYPT 2009 - International Conference on Security and Cryptography, Proceedings",

}

TY - GEN

T1 - Network stack optimization for improved IPsec performance on linux

AU - Iatrou, Michael G.

AU - Voyiatzis, Artemios G.

AU - Serpanos, Dimitrios N.

PY - 2009/12/1

Y1 - 2009/12/1

KW - IPsec

KW - Linux

KW - Performance

KW - Networking

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=74549134562&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=74549134562&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:74549134562

SN - 9789896740054

SP - 83

EP - 91

BT - SECRYPT 2009 - International Conference on Security and Cryptography, Proceedings

ER -