Title :
A Multi-tunnel VPN Concurrent System for New Generation Network Based on User Space
Author :
Shen, Yan ; Zhang, Qi-fei ; Ping, Ling-di ; Wang, Ya-fei ; Li, Wen-juan
Author_Institution :
Coll. of Comput. Sci. & Technol., Zhejiang Univ., Hangzhou, China
Abstract :
In the existing large-scale performance test of IPsec tunnel, it often needs special software and hardware. To solve the problem, this article proposed a new method, in which packet was encapsulated in user space, and a multi-tunnel controller was designed and implemented with the method of FSM(finite state machine), which controlled the negotiation and establishment of multiple tunnel, including L2tp, IKEv1, IKEv2, IKEv2+EAP and L2tp Over IPsec. Libpcap was used as the bottom layer driver of package, and the application of zero copy technique had reduced system cost immensely. At last, the result of the experiment verified the performance of the IKEv1 tunnel on Tunnel-mode and Transport-mode.
Keywords :
IP networks; computer network security; finite state machines; protocols; virtual private networks; FSM method; IKEv1 tunnel; IKEv2 tunnel; IKEv2+EAP tunnel; IPsec tunnel; L2tp Over IPsec tunnel; L2tp tunnel; finite state machine; large-scale performance test; multitunnel VPN concurrent system; multitunnel controller; new generation network; transport-mode; tunnel-mode; user space; virtual private network; zero copy technique; Authentication; DH-HEMTs; IP networks; Kernel; Linux; Process control; Protocols; FSM (finite scale machine); IPv6; Ipsec (internet protocol security); multi-tunnel; user space; zero-copy;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.41
