Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431646
T. Clinker, D. Meško, G. Viola, János Tapolcai
We propose two algorithms for dynamic routing of guaranteed bandwidth pipes with shared protection that provide low blocking through thrifty resource usage. We assume that a single working path can be protected by one or multiple protection paths, which are partially or fully disjoint from the working path. This allows better capacity re-use (i.e., better capacity sharing among protection paths). Furthermore, the resources used by the paths affected by the failure can also be re-used. The significance of the proposed method "PDSP-LD" is that we consider the amount of shareable protection capacity of each link, while determining the protection path for all affected demands simultaneously. Therefore it gives optimal routing of shared protection paths in case of any single link failure! The obtained results can be used for routing with protection in SDH/SONET, ATM, MPLS, WR-DWDM (including ASTN/GMPLS) and other networks.
Title: Routing with partially disjoint shared path (PDSP) protection. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431691
Remco van de Meent, M. Mandjes
To offer users a sufficient performance level, network links should be properly provisioned. The required bandwidth capacity may be determined through the use of a model of the real network traffic. In this paper, we study the use of two classes of traffic models: (i) 'user-oriented models', which capture the behavior of individual flows, and (ii) 'black-box models', which statistically describe the superposition of many users (and do not distinguish between individual flows). User-oriented models have the advantage that they allow for sensitivity analysis: the impact of a change in the user parameters (access rate, flow-size distribution) can be assessed. In general, however, our measurements indicated that black-box models are easier to estimate, and yield accurate provisioning guidelines.
Title: Evaluation of 'user-oriented' and 'black-box' traffic models for link provisioning. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431650
Steve Uhlig, B. Quoitin
Today, engineering interdomain traffic in large transit ASs is a difficult task due to the opacity of BGP and the interactions between the BGP decision process and IGP routing. In this paper we propose Tweak-it, a tool that, based on the steady-state view of BGP routing inside the AS and the traffic demands of the AS, computes the BGP updates to be sent to the ingress routers of a transit AS to traffic engineer its interdomain traffic over time. Tweak-it is based on two components: 1) a scalable BGP simulator (CBGP) that computes the steady-state behavior of BGP routing and 2) a multiple-objectives evolutionary heuristic that can deal with multiple conflicting objectives as they can occur in real networks. Tweak-it takes the intradomain configuration (IGP weights and topology), BGP messages received from peers, BGP routing policies, and traffic demands. By keeping the state of the routing inside the AS up-to-date and based on the traffic demands, the heuristic computes how to engineer the traffic of the AS while trying to minimize the number of BGP tweakings required.
Title: Tweak-it: BGP-based interdomain traffic engineering for transit ASs. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431676
O. Alanen, Mikko Pääkkönen, Mikko Ketola, Timo Hämäläinen, J. Joutsensalo
Multicast admission control in differentiated services network is an important but shortly researched subject. We propose a parameter-based admission control method. The method rejects new multicast join requests that would otherwise decrease the quality experienced by the existing receivers. DiffServ network edge nodes filter join requests and generate new requests. The proposed method is developed as an extension to the DSMCast protocol but could also be adapted to other protocols. In this paper the parameter-based admission control is compared to earlier created, measurement-based admission control methods, as well as to the situation when no admission control is used.
Title: Enhanced admission control solution for multicasting with DiffServ. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431648
J. Niño-Mora
We address the problem of scheduling transmissions of heterogeneous packet traffic streams on a single link in the setting of a Markovian multiclass queueing model with losses, where every class has a dedicated finite buffer. Some classes correspond to real-time/delay-sensitive traffic (e.g. voice, video) whereas others correspond to nonreal-time/loss-sensitive traffic (e.g. data). Different levels of tolerance to delay and packet loss are modeled by suitable cost rates. The goal is to design well-grounded and tractable scheduling policies that nearly minimize the discounted or average expected cost objective. We develop new dynamic index policies, prescribing to give higher service priority to classes with larger index values, where the priority index of a class measures the marginal productivity of work at its current state. Such index policies are shown to furnish new, insightful structural results.
Title: Marginal productivity index policies for scheduling multiclass delay-/loss-sensitive traffic. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431695
D. Kouvatsos, I. Awan, Y. Li
An analytic framework is devised, based on the principle of maximum entropy (ME), for the performance modeling of a wireless 4G cell with bursty multimedia traffic with hand off under an efficient MAC protocol with a buffer threshold-based generalized partial sharing (GPS) traffic handling scheme. In this context, an open queueing network model (QNM) is proposed consisting of three interacting multiclass GE-type queueing and delay systems, namely a GE/GE/c_1/c_1 loss system of IP voice calls, a GE/GE/c_2/N_2/FCFS/CBS(T_l, T_h) queueing system of streaming media packets with low (T_l) and high (T_h) buffer thresholds and a GE/GE/l/N_3/PS delay system with a discriminatory PS transfer rule. Analytic ME solutions for the state probabilities of these systems are characterized, subject to appropriate GE-type queueing and delay theoretic constraints and new closed form expressions for the aggregate state and blocking probabilities are determined. Typical numerical examples are included to validate the ME performance metrics against Java-based simulation results and also to study the effect of bursty multiple class traffic upon the performance of the cell.
Title: Performance modeling of a wireless 4G cell under a GPS scheme with hand off. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431663
G. Raina, D. Wischik
In large multiplexers with many TCP flows, the aggregate traffic flow behaves predictably; this is a basis for the fluid model of Misra, Gong and Towsley (V. Misra et al., 2000) and for a growing literature on fluid models of congestion control. In this paper we argue that different fluid models arise from different buffer-sizing regimes. We consider the large buffer regime (buffer size is bandwidth-delay product), an intermediate regime (divide the large buffer size by the square root of the number of flows), and the small buffer regime (buffer size does not depend on number of flows). Our arguments use various techniques from queueing theory. We study the behaviour of these fluid models (on a single bottleneck link, for a collection of identical long-lived flows). For what parameter regimes is the fluid model stable, and when it is unstable what is the size of oscillations and the impact on goodput? Our analysis uses an extension of the Poincaré-Lindstedt method to delay-differential equations. We find that large buffers with drop-tail have much the same performance as intermediate buffers with either drop-tail or AQM; that large buffers with RED are better at least for window sizes less than 20 packets; and that small buffers with either drop-tail or AQM are best over a wide range of window sizes, though the buffer size must be chosen carefully. This suggests that buffer sizes should be much much smaller than is currently recommended.
Title: Buffer sizes for large multiplexers: TCP queueing theory and instability analysis. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431677
D. Adami, N. Carlotti, S. Giordano, M. Pagano, M. Repeti
Multiprotocol label switching (MPLS) was originally conceived to improve the efficiency of packet forwarding in network equipment and it relies on a strict separation between the control and forwarding planes in the network functions as well as in the software and hardware architecture of the routers. The paper presents the results of an experimental study aimed at evaluating the performance of the control and forwarding planes in a metropolitan MPLS network, interconnecting three sites, located in Pisa and equipped with M10 Juniper routers. In particular, experimental tests have been carried out to deeply investigate the behaviour of the network control and forwarding planes in different working conditions.
Title: Performance study of the control and forwarding planes in a high speed MPLS network. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431690
M. Bitsaki, G. Stamoulis, C. Courcoubetis
We deal with the problem of bandwidth allocation in a two-level hierarchical market. In the top level a unique seller allocates bandwidth to intermediate providers [e.g. Internet service providers (ISPs)], who in turn allocate their assigned shares of bandwidth to their own customers in the lower level. As we have already established, this problem can be solved efficiently by means of an incentive compatible mechanism comprising auctions in both levels; the payment rule of the lower-level auction is imposed by the top-level seller. We investigate the properties of the mechanism in the case where each of the competing intermediate providers can select the payment rule on his own, under a variety of assumptions on the information possessed by the various players as well as on their level of freedom to act in the market. For one of the cases analyzed we prove that providers have no incentive to deviate from the original payment rule.
Title: Auction-based bandwidth trading in a competitive hierarchical market. Journal: Next Generation Internet Networks, 2005.

Pub Date: 2005-04-18 DOI: 10.1109/NGI.2005.1431672
Alberto Ferrante, Vincenzo Piuri, J. Owen
IPSec is a suite of protocols that adds security to communications at the IP level. This suite of protocols is becoming more and more important as it is included as a mandatory security mechanism in IPv6. In this paper we provide an evaluation of the hardware resources needed for supporting virtual private networking through IPSec. The target system of this study is a home secure gateway, therefore only the tunnel mode is considered. Focus is on the ESP protocol, but some evaluations on AH are also provided. We discuss usage of the AES, HMAC-SHA-1, and HMAC-SHA-2 cryptographic algorithms. In this paper we show that enabling IPSec in a 100 Mbit/s network kills its performance in almost every case. In a 10 Mbit/s network the results obtained for performance and CPU usage are much better. An interesting case within this network configuration is that in which IPComp is enabled and used on compressible data: CPU usage grows to 100%, but network throughput rises over the 10 Mbit/s limit, due to data compression. This performance evaluation leads to the conclusion that while a hardware crypto-accelerator is really key in reaching high performance, it may also be useful in small, slow systems (e.g. small embedded systems) where it would help improve performance and security.
Title: IPSec hardware resource requirements evaluation. Journal: Next Generation Internet Networks, 2005.