IPsec performance in high-speed networks is currently problematic. Traditionally, connections are established between multifunction network devices, which are typically already inefficient at 10 Gbps packet delivery and have neither high-availability nor scalability features. In Software-Defined Networking (SDN), packets travel only through the desired dedicated networking devices. However, few high-speed stand-alone IPsec solutions exist that can be hooked up to an SDN. In this paper we propose a design that uses IPsec in an SDN fashion by separating IKE from packet encryption. Experimental results show that the high-availability and scalability goals are reached and that per-client throughput is increased. The IPsec protocol suite can thus meet the ongoing need for faster packet processing rates.
Markku Vajaranta (University of Turku), Joona Kannisto, Jarmo Harju (Aalto University): IPsec and IKE as Functions in SDN Controlled Network
Presented at NSS 2017, Helsinki. Lecture Notes in Computer Science, volume 10394