A Multi-tunnel VPN Concurrent System for New Generation Network Based on User Space

Author

Shen, Yan ; Zhang, Qi-fei ; Ping, Ling-di ; Wang, Ya-fei ; Li, Wen-juan

Author_Institution

Coll. of Comput. Sci. & Technol., Zhejiang Univ., Hangzhou, China

fYear

2012

fDate

25-27 June 2012

Firstpage

1334

Lastpage

1341

Abstract

In the existing large-scale performance test of IPsec tunnel, it often needs special software and hardware. To solve the problem, this article proposed a new method, in which packet was encapsulated in user space, and a multi-tunnel controller was designed and implemented with the method of FSM(finite state machine), which controlled the negotiation and establishment of multiple tunnel, including L2tp, IKEv1, IKEv2, IKEv2+EAP and L2tp Over IPsec. Libpcap was used as the bottom layer driver of package, and the application of zero copy technique had reduced system cost immensely. At last, the result of the experiment verified the performance of the IKEv1 tunnel on Tunnel-mode and Transport-mode.

Keywords

IP networks; computer network security; finite state machines; protocols; virtual private networks; FSM method; IKEv1 tunnel; IKEv2 tunnel; IKEv2+EAP tunnel; IPsec tunnel; L2tp Over IPsec tunnel; L2tp tunnel; finite state machine; large-scale performance test; multitunnel VPN concurrent system; multitunnel controller; new generation network; transport-mode; tunnel-mode; user space; virtual private network; zero copy technique; Authentication; DH-HEMTs; IP networks; Kernel; Linux; Process control; Protocols; FSM (finite scale machine); IPv6; Ipsec (internet protocol security); multi-tunnel; user space; zero-copy;

fLanguage

English

Publisher

ieee

Conference_Titel

Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on

Conference_Location

Liverpool

Print_ISBN

978-1-4673-2172-3

Type

conf

DOI

10.1109/TrustCom.2012.41

Filename

6296135