A 10 Gbit/s IPSEC Gateway Implementation
Authors
Abstract
The Internet Security (IPSEC) protocol is part of the design considerations in Virtual Private Networks (VPN). In this paper, we design and implement a 10 Gbit/s gateway router for IPSEC processing using the Intel network processor IXP2850. In particular, by partitioning software and hardware on a complex multiprocessor system, i.e., selecting appropriate processors to offload computationally intensive tasks, we are able to accelerate the IPSEC data path. We also highlight the performance issues with IPSEC protocol implementation using the cryptography engines in the IXP2850, and propose an efficient data structure for key management in the buffer when a large number of security associations are re-keyed at line speed.
Key-Words: IPSEC hardware support, virtual private networks, network processor, high-speed networks
Similar resources
A 1 Gbit/s Partially Unrolled Architecture of Hash Functions SHA-1 and SHA-512
Hash functions are among the most widespread cryptographic primitives, and are currently used in multiple cryptographic schemes and security protocols, such as IPSec and SSL. In this paper, we investigate a new hardware architecture for a family of dedicated hash functions, including American standards SHA-1 and SHA-512. Our architecture is based on unrolling several message digest steps and ex...
A 1 Gbit/s Partially Unrolled Architecture of Hash Functions
Hash functions are among the most widespread cryptographic primitives, and are currently used in multiple cryptographic schemes and security protocols, such as IPSec and SSL. In this paper, we investigate a new hardware architecture for a family of dedicated hash functions, including American standards, SHA-1 and SHA-512. Our architecture is based on unrolling several message digest steps and e...
IPSec over Heterogeneous IPv4 and IPv6 Networks: ISSUES AND IMPLEMENTATION
In the face of looming IPv4 address exhaustion and the slow pace of IPv4 to IPv6 migration, this work deploys the IPv4/IPv6 translation gateway as a mechanism to ensure most of IPv6 mission critical applications to continuously interoperate with legacy IPv4 nodes. However, the existence of translation gateway between two IPSec nodes from disparate address realms imposes some incompatibility iss...
Protego: Cloud-Scale Multitenant IPsec Gateway
Virtual cloud network services let users have their own private networks in the public cloud. IPsec gateways are growing in importance accordingly as they provide VPN connections for customers to remotely access these private networks. Major cloud providers offer IPsec gateway functions to tenants using virtual machines (VMs) running a software IPsec gateway inside. However, dedicating individu...
Compromis performance/sécurité des passerelles très haut débit pour Internet. (Performance/security trade-off for high-bandwidth Internet VPN gateways.)
In this thesis, we explore the design of a high-bandwidth IPsec gateway to secure communications between local networks. We consider two gateway architectures: the first one, called "integrated gateway", is a purely software approach that uses a single server; the second one, called "split architecture", relies on a hardware security module and two standard servers. The first contribution of th...
Publication date: 2004