A Clustering and Traffic-Redistribution Scheme for High-Performance IPsec Virtual Private Networks
Abstract
CPE-based IPsec VPNs have been widely used to provide secure private communication across the Internet. As the bandwidth of WAN links keeps growing, the bottleneck in a typical deployment of CPE-based IPsec VPNs has moved from the last-mile connections to the customer-edge security gateways. In this paper, we propose a clustering scheme to scale the throughput as required by CPE-based IPsec VPNs. The proposed scheme groups multiple security gateways into a cluster using a transparent self-dispatching technique and allows as many gateways to be added as necessary until the resulting throughput is again limited by the bandwidth of the last-mile connections. It also includes a flow-migration mechanism to keep the load of the gateways balanced. The results of the performance evaluation confirm that the clustering technique and the traffic-redistribution mechanism together create a transparent, adaptive, and highly scalable solution for building high-performance IPsec VPNs
Citation
Pan-Lung Tsai, Chun-Ying Huang, Yun-Yin Huang, Chia-Chang Hsu, and Chin-Laung Lei, "A Clustering and Traffic-Redistribution Scheme for High-Performance IPsec Virtual Private Networks," HiPC, December 2005.
Bibtex
@inproceedings{tsai05:ipsecluster,
author = {Pan-Lung Tsai and Chun-Ying Huang and Yun-Yin Huang and Chia-Chang Hsu and Chin-Laung Lei},
title = {A Clustering and Traffic-Redistribution Scheme for High-Performance IPsec VPNs},
booktitle = {Proceedings of HIPC 2005},
pages = {432--443},
year = {2005}
}