A clustering and traffic-redistribution scheme for high-performance IPsec VPNs

Authors:
Pan-Lung Tsai;Chun-Ying Huang;Yun-Yin Huang;Chia-Chang Hsu;Chin-Laung Lei
Affiliations:
Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan;Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan;Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan;Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan;Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan
Venue:
HiPC'05 Proceedings of the 12th international conference on High Performance Computing
Year:
2005

Citing 14
Cited 2

The Switch Book: The Complete Guide to LAN Switching Technology

The Switch Book: The Complete Guide to LAN Switching Technology
Virtual Private Networks: Leveraging the Internet

Computer
The Latest in Virtual Private Networks: Part I

IEEE Internet Computing
Design, Implementation and Performance Evaluation of IP-VPN

AINA '03 Proceedings of the 17th International Conference on Advanced Information Networking and Applications
Network Systems Design Using Network Processors

Network Systems Design Using Network Processors
Making the Gigabit IPsec VPN Architecture Secure

Computer
High-Throughput Programmable Cryptocoprocessor

IEEE Micro
VPN Gateways over Network Processors: Implementation and Evaluation

RTAS '05 Proceedings of the 11th IEEE Real Time on Embedded Technology and Applications Symposium
The Latest in VPNs: Part II

IEEE Internet Computing
Driving fiber to the home

IEEE Communications Magazine
Scalability implications of virtual private networks

IEEE Communications Magazine
Virtual private network services: scenarios, requirements and architectural constructs from a standardization perspective

IEEE Communications Magazine
Layer 2 and 3 virtual private networks: taxonomy, technology, and standardization efforts

IEEE Communications Magazine
Virtual private networks: an overview with performance evaluation

IEEE Communications Magazine

Analysis and evaluation of a multiple gateway traffic-distribution scheme for gateway clusters

Computer Communications
A decentralized clustering scheme for transparent mode devices

Cluster Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

CPE-based IPsec VPNs have been widely used to provide secure private communication across the Internet. As the bandwidth of WAN links keeps growing, the bottleneck in a typical deployment of CPE-based IPsec VPNs has moved from the last-mile connections to the customer-edge security gateways. In this paper, we propose a clustering scheme to scale the throughput as required by CPE-based IPsec VPNs. The proposed scheme groups multiple security gateways into a cluster using a transparent self-dispatching technique and allows as many gateways to be added as necessary until the resulting throughput is again limited by the bandwidth of the last-mile connections. It also includes a flow-migration mechanism to keep the load of the gateways balanced. The results of the performance evaluation confirm that the clustering technique and the traffic-redistribution mechanism together create a transparent, adaptive, and highly scalable solution for building high-performance IPsec VPNs.