Abstract
CPE-based IPsec VPNs have been widely used to provide secure private communication across the Internet. As the bandwidth of WAN links keeps growing, the bottleneck in a typical deployment of CPE-based IPsec VPNs has moved from the last-mile connections to the customer-edge security gateways. In this paper, we propose a clustering scheme to scale the throughput as required by CPE-based IPsec VPNs. The proposed scheme groups multiple security gateways into a cluster using a transparent self-dispatching technique and allows as many gateways to be added as necessary until the resulting throughput is again limited by the bandwidth of the last-mile connections. It also includes a flow-migration mechanism to keep the load of the gateways balanced. The results of the performance evaluation confirm that the clustering technique and the traffic-redistribution mechanism together create a transparent, adaptive, and highly scalable solution for building high-performance IPsec VPNs.
This work was supported in part by the Taiwan Information Security Center, National Science Council under the grant NSC 94-3114-P-001-001-Y.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tsai, PL., Huang, CY., Huang, YY., Hsu, CC., Lei, CL. (2005). A Clustering and Traffic-Redistribution Scheme for High-Performance IPsec VPNs. In: Bader, D.A., Parashar, M., Sridhar, V., Prasanna, V.K. (eds) High Performance Computing – HiPC 2005. HiPC 2005. Lecture Notes in Computer Science, vol 3769. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11602569_45
DOI: https://doi.org/10.1007/11602569_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30936-9
Online ISBN: 978-3-540-32427-0
eBook Packages: Computer Science, Computer Science (R0)