IPsec Security Server Performance Analysis Model

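  • 윤연상 (Department of Information and Communication Engineering, Chungbuk National University);
  • 이선영 (Department of Information and Communication Engineering, Chungbuk National University);
  • 박진섭 (Department of Information and Communication Engineering, Chungbuk National University);
  • 권순열 (Department of Information and Communication Engineering, Chungbuk National University);
  • 김용대 (Department of Information and Communication Engineering, Chungbuk National University);
  • 양상운 (National Security Research Institute, affiliated with ETRI);
  • 장태주 (National Security Research Institute, affiliated with ETRI);
  • 유영갑 (Department of Information and Communication Engineering, Chungbuk National University)
  • Published: 2004.09.01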

Abstract

This paper proposes a performance analysis model of security servers comprising IPSec accelerators. The proposed model is based on an M/M/1 queueing system with a Poisson-distributed traffic load. The decoding delay is defined to cover the parameters that characterize the hardware of security servers. Decoding delay values of a commercial IPSec accelerator are extracted, yielding differences of less than 15% from measured data. The extracted data are used to simulate the server system with the proposed model. The simulated performance of the cryptographic processor BCM5820 is around 75% of the published claimed level. Performance degradations of 3.125% and 14.28% are observed for 64-byte packets and 1024-byte packets, respectively.

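This paper proposes a performance analysis model for a security server equipped with an IPSec accelerator. The proposed security server is modeled as an M/M/1 system, and the traffic load follows a Poisson distribution. The performance parameters of the security server are combined and defined as the decoding delay, and a decoding delay differing by about 15% from measured results for the BCM5820 IPSec accelerator was extracted. When the decoding delay is substituted into the proposed performance analysis model and simulated, security connections show a throughput of 75% of the published performance of the BCM5820. Data transfer shows a throughput of 3.125% (packet size 64 bytes) and 14.28% (packet size 1024 bytes) of the published performance, respectively.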
