An IPSec Accelerator for the High-performance Virtual Private Networks

  • Ryu, Dae-Hyun ;
  • Na, Jong-Whoa ;
  • Shin, Seung-Jung ;
  • Jang, Seung-Ju ;
  • Kim, Jung-Tae
  • Published : 2003.03.01

Abstract

A cost efficient IPSec Accelerator board utilizing a crypto chip and an entry-level Linux PC for the high performance VPN is presented in this paper. The IPIP (IP-over-IP tunneling) processing, encryption & decryption processing, HASH processing, and the integrity test functions of IPSec are processed in the IPSec Accelerator board. The proposed IPSec Accelerator has demonstrated successful execution of the required functions of the IPSec packet processing and verified its performance by processing the IPSec packets at the rate of over 1 Gbps.

Keywords

VPN;IPSec;Accelerator

References

  1. T. Braun, M. Kasumi, et al., 'Virtual Private Network Architecture', IAM-99-01, April 1999
  2. J.P. McGregor, R.B. Lee, 'Performance impact of data compression on virtual private network transactions', 25th Annual IEEE Conference on Local Computer Networks (LCN'00), pp.501-510, Nov. 2000
  3. J. W. Yoon, Y. K. Kim, D. H. Ryu, 'On a Implementation of High-Speed VPN Gateway with Parallel Architecture', WISC2001, Sept. 2001
  4. J. T. Kim, D. H. Ryu, H. K. Moon, 'A Study on the VPN Gateway Architecture for Speed Acceleration', pp.101-107, Journal of KICS, Vol. 27, No. 8T, Aug. 2002
  5. C. J. C. Pena, J. Evans, 'Performance evaluation of software Virtual Private Networks', 25th Annual IEEE Conference on Local Computer Networks (LCN'00), pp. 522-523, Nov. 2000
  6. Implementing Virtual Private Networks, Steven Brown, McGraw-Hill, 1999
  7. St. Kent, R. Atkinson: Security Architecture for the Internet Protocol; RFC 2401, Nov. 1998
  8. http://www.cavium.com/products.html