KIT | KIT-Bibliothek | Impressum | Datenschutz

Introducing QoS mechanisms into the IPsec packet processing

Völker, Lars; Schöller, Marcus; Zitterbart, Martina


The deployment and use of IPsec has consistently increased in recent years. IPsec is a protocol that allows, besides other things, secure branch offices connectivity and secure VPN access for road warriors. The limitations of IPsec are much better understood today, and efforts to improve IPsec are still underway. One aspect of improvement is the integration of IPsec with other functions and protocols of the network. Quality of Service (QoS) is one example. QoS is used to prioritize demanding traffic like Voice over IP, network control messages, and traffic for other mission-critical systems. QoS can be used to mitigate risks of DoS attacks, ill-behaving hosts, and other attacks by separating traffic classes and treating packets according to the respective class. In order to facilitate all the advantages QoS can offer, an IPsec implementation must not only be superficially changed, but needs thorough modifications or, even better, should be designed with QoS support as an objective. The current IPsec standard does hardly offer any guidance to do this. In this paper, we detail our QoS-capable IPsec and compare it with a widely-used regular IPsec implementation. ... mehr

Zugehörige Institution(en) am KIT Institut für Telematik (TM)
Publikationstyp Proceedingsbeitrag
Publikationsjahr 2007
Sprache Englisch
Identifikator KITopen-ID: 1000013734
Erschienen in Proceedings of the 32nd IEEE Conference on Local Computer Networks (LCN 2007), 15-18 October 2007, Clontarf Castle, Dublin, Ireland
Seiten 360-367
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page