The IPSec Systems on TOE for Gigabit Network

TOE-Based IPSec System for Gigabit Network Support

  • Shin, Chi-Hoon (신치훈) (Computer S/W Engineering in University of Science and Technology (UST), Server Platform Research Team in Electronics and Telecommunications Research Institute (ETRI)) ;
  • Kim, Sun-Wook (김선욱) (Server Platform Research Team in Electronics and Telecommunications Research Institute (ETRI)) ;
  • Park, Kyoung (박경) (Server Platform Research Team in Electronics and Telecommunications Research Institute (ETRI)) ;
  • Kim, Sung-Woon (김성운) (Server Platform Research Team in Electronics and Telecommunications Research Institute (ETRI))
  • Published : 2005.11.26

Abstract

This paper describes the design and implementation of two hardware IPSec systems, look-aside and inline, on a TOE (Transport Offloading Engine). These systems aim to guarantee the security of datagram networks while preserving the bandwidth of gigabit networks. The TOE offloads network processing from the host CPU, which makes gigabit wire speed possible, and the deeper-level security architecture of IPSec then guarantees the security of gigabit service networks dominated by datagram packets. The focus of this paper is minimizing the TOE performance degradation caused by computation-intensive IPSec processing. The look-aside IPSec system provides a significant improvement by offloading the IPSec cryptography load from the host CPU. The inline system, however, completely offloads the entire IPSec load from the host CPU, providing significant additional cost savings compared to the look-aside system. This paper presents implementations of TOE cards that include commercial IPSec processors. Performance evaluation with a protocol analyzer shows that the inline IPSec system is 8 times faster than the S/W system and 2 times faster than the look-aside system.

Keywords