Optimizations for high-performance IPsec execution

Michael G. Iatrou, Artemios G. Voyiatzis, Dimitrios N. Serpanos

Research output: Chapter in Book/Report/Conference proceedingConference contribution


The requirement for accessing, through the public Internet, private resources in a secure fashion from anywhere has turned Virtual Private Network (VPN) connectivity into a necessity. Internet Protocol Security (IPsec) is the de facto standardized VPN technology with support for multiple connectivity scenarios. The cryptographic transformations of IPsec are widely considered as a performance bottleneck and the usual target for optimization. We present a set of system conguration optimizations on Linux that achieve signicant throughput gains, supported by extensive measurements. Our work demonstrates that IPsec performance can be significantly improved without altering the implementation of the cryptographic algorithms.

Original languageEnglish
Title of host publicationCommunications in Computer and Information Science
Number of pages13
Volume130 CCIS
Publication statusPublished - 1 Dec 2011
Externally publishedYes
Event6th International Joint Conference on e-Business and Telecommunications, ICETE 2009 - Milan, Italy
Duration: 7 Jul 200910 Jul 2009

Publication series

NameCommunications in Computer and Information Science
Volume130 CCIS
ISSN (Print)18650929


Other6th International Joint Conference on e-Business and Telecommunications, ICETE 2009



  • IPsec
  • Networking
  • Performance
  • Protocol optimization
  • Security

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Iatrou, M. G., Voyiatzis, A. G., & Serpanos, D. N. (2011). Optimizations for high-performance IPsec execution. In Communications in Computer and Information Science (Vol. 130 CCIS, pp. 199-211). (Communications in Computer and Information Science; Vol. 130 CCIS). https://doi.org/10.1007/978-3-642-20077-9_14