Browse > Article

IPsec Security Server Performance Analysis Model  

윤연상 (충북대학교 정보통신공학과)
이선영 (충북대학교 정보통신공학과)
박진섭 (충북대학교 정보통신공학과)
권순열 (충북대학교 정보통신공학과)
김용대 (충북대학교 정보통신공학과)
양상운 (ETRI 부설 국가보안기술연구소)
장태주 (ETRI 부설 국가보안기술연구소)
유영갑 (충북대학교 정보통신공학과)
Publication Information
Journal of the Institute of Electronics Engineers of Korea TC / v.41, no.9, 2004 , pp. 9-16 More about this Journal
Abstract
This paper proposes a performance analysis model of security servers comprising IPSec accelerators. The proposed model is based on a M/M1 queueing system with traffic load of Poisson distribution. The decoding delay has been defined to cover parameters characterizing hardware of security sorrels. Decoding delay values of a commercial IPSec accelerator are extracted yielding less than 15% differences from measured data. The extracted data are used to simulate the server system with the proposed model. The simulated performance of the cryptographic processor BCM5820 is around 75% of the published claimed level. The performance degradation of 3.125% and 14.28% are observed for 64byte packets and 1024byte packets, respectively.
Keywords
IPSec accelerator; Security server; Server performance estimation;
Citations & Related Records
연도 인용수 순위
  • Reference
1 C. Fraleigh and S. Moon, 'Packet-level traffic measurements from the SPRINT IP backbone,' IEEE Journal of Network, vol. 17, pp. 6-16, Nov. 2003   DOI   ScienceOn
2 SPEC Co., 'Standard Web Page Size in SPEC web 99,' http://www.spec.org/web96/workload.html
3 M. McLoone and J.V. McCanny, 'A single-chip IPSec cryptographic processor,' IEEE Workshop on Signal Processing Systems, pp. 133-138, Oct. 2002
4 Broadcom Co., BCM5820 Product Brief, http://www.broadcom.com/collateral/pb/5820-PB04 -R.pdf
5 Broadcom Co., 'Comparising the performance of Broadcom IPSec boards,' http://www.broadcom.com/ collateral/wp/XPSEC-WPl(X)-RDS.pdf
6 S. Miltchev and S. Ioannidis, 'A study of the relative costs of network secutity protocols,' In Proceedings of USENIX Annual Technical Conf., Freenix Track, pp. 41-48, June 2002
7 I. Cao and M. Anderson, 'Web server performance modeling using an M/G/1/K*PS queue,' 10th Int'l. Conf. on Telecommunications, vol. 2, pp. 1501-1506, Feb. 2003   DOI
8 A.V. Borshchev and Y.G. Karpov, 'Systems modeling, simulation and analysis using COVERS active objects,' IEEE Workshop on Engineering of Computer Based Systems (ECBS '97), pp. 220-227, Mar 1997   DOI
9 S. Ken, Security Architecture for the Internet Protocol, http://www.ietf.org/internetdrafts/draft-ietf-ipsec-rfc2401bis-00.txt
10 이호우, 대기행렬이론-확률과정론적 분석, 시그마프레스, 1998
11 V. Paxson and S. Floyd, 'The failure of Poisson modeling,' IEEE/ACM Trans on Networking, vol. 3, pp. 226-244, June 1995   DOI   ScienceOn
12 한국전산원, 2002 국가정보화백서
13 M. Merkow and J. Breithaupt, The Complete Guide to Internet Security, AMACOM, 2000
14 윤문길, '인터넷 접속기술,' http://mslab.hau.ac.kr/it_02/4.ppt
15 XJ Technologies, Anylogic4.5 Product Overview, http://www.xjtek.com