An Introduction To Security In IPsec
by Mike Borza and Al Hawtin

Early in the existence of the commercial Internet, the Internet Engineering Task Force (IETF) recognized the need for a robust end-to-end security design for IP networks. This resulted in a number of RFCs (Requests for Comments) being authored to create an overlay security design in the network layer. IPsec remains the dominant virtual private networking technology and is widely deployed in handsets, gateways and carrier-grade VPN service routers. Many of the interoperability issues encountered early in the IPsec lifecycle have been resolved, and software from Microsoft, Linux distributions and proprietary network products all support well-proven IPsec solutions.

As more IPsec traffic traverses the Internet and wireless networks, designers are increasingly faced with the requirement to build hardware offload solutions to help process the security load presented by this class of traffic. This TechNote is the first of two that look at the challenges of processing IPsec. Here we provide background on security definitions and the security model used in IPsec. Part Two will examine hardware offload solutions and how they are integrated into software stacks.

...download complete article here (451 KB PDF)
