NETWORK STACK OPTIMIZATION FOR IMPROVED IPSEC PERFORMANCE ON LINUX
Michael G. Iatrou, Artemios G. Voyiatzis, Dimitrios N. Serpanos
2009
Abstract
Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.
DownloadPaper Citation
in Harvard Style
G. Iatrou M., G. Voyiatzis A. and N. Serpanos D. (2009). NETWORK STACK OPTIMIZATION FOR IMPROVED IPSEC PERFORMANCE ON LINUX . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 83-91. DOI: 10.5220/0002225600830091
in Bibtex Style
@conference{secrypt09,
author={Michael G. Iatrou and Artemios G. Voyiatzis and Dimitrios N. Serpanos},
title={NETWORK STACK OPTIMIZATION FOR IMPROVED IPSEC PERFORMANCE ON LINUX},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={83-91},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002225600830091},
isbn={978-989-674-005-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - NETWORK STACK OPTIMIZATION FOR IMPROVED IPSEC PERFORMANCE ON LINUX
SN - 978-989-674-005-4
AU - G. Iatrou M.
AU - G. Voyiatzis A.
AU - N. Serpanos D.
PY - 2009
SP - 83
EP - 91
DO - 10.5220/0002225600830091