An IPsec seamless switching mechanism with high availability and scalability by extending IKEv2 protocol

Author

Liang Yu ; Shijie Jia ; Changgiao Xu ; Jianfeng Guan ; Deyun Gao

Author_Institution

Nat. Eng. Lab. for Next Generation Internet Interconnection Devices, Beijing Jiaotong Univ., Beijing, China

fYear

2011

fDate

28-30 Oct. 2011

Firstpage

25

Lastpage

29

Abstract

IPsec as a very popular security protocol solves the increasing problems of network security. The IPsec-gateway cluster as a solution of large-scale IPsec implement improves the availability of IPsec-gateway. The traditional IPsec-gateway cluster needs to use a large number of hardware resources to keep availability of IPsec-gateway. However, the low utilization rate of resources restricts the scalability of IPsec-gateway cluster. In this paper, we propose a new IPsec-gateway cluster mechanism by improving and extending IKEv2 protocol. Meanwhile, we design a standby IPsec-gateway Selection Algorithm (GWSA), a distributed and switch SA policy (DSAP), ESP packets synchronous and retransmission policy. This mechanism can deploy IPsec-gateways in different network segments and prevent ESP packets loss when IPsec-gateway performs switching. Through simulation, we show that the above mechanism can improve the availability and scalability of IPsec-gateway cluster.

Keywords

IP networks; computer network security; protocols; IKEv2 protocol; IPsec seamless switching mechanism; IPsec-gateway cluster scalability; IPsec-gateway selection algorithm; distributed selection algorithm policy; network security; packet retransmission policy; packet synchronous policy; security protocol; switch selection algorithm policy; IKEv2; IPsec; IPsec High Availability; Seamless Switching; VPN;

fLanguage

English

Publisher

iet

Conference_Titel

Advanced Intelligence and Awareness Internet (AIAI 2011), 2011 International Conference on

Conference_Location

Shenzhen

Electronic_ISBN

978-1-84919-471-6

Type

conf

DOI

10.1049/cp.2011.1421

Filename

6233190