Internet Archive Scholar

A Clustering and Traffic-Redistribution Scheme for High-Performance IPsec VPNs [chapter]

Pan-Lung Tsai, Chun-Ying Huang, Yun-Yin Huang, Chia-Chang Hsu, Chin-Laung Lei
2005 Lecture Notes in Computer Science  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (272.7 kB)
https://web.archive.org/web/20120714051603/http://snsl.cs.ntou.edu.tw/pubs/pdf/2005hipc.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2012; you can also visit the original URL. The file type is application/pdf.

CPE-based IPsec VPNs have been widely used to provide secure private communication across the Internet. As the bandwidth of WAN links keeps growing, the bottleneck in a typical deployment of CPE-based IPsec VPNs has moved from the last-mile connections to the customer-edge security gateways. In this paper, we propose a clustering scheme to scale the throughput as required by CPE-based IPsec VPNs. The proposed scheme groups multiple security gateways into a cluster using a transparent
more » ... ching technique and allows as many gateways to be added as necessary until the resulting throughput is again limited by the bandwidth of the last-mile connections. It also includes a flow-migration mechanism to keep the load of the gateways balanced. The results of the performance evaluation confirm that the clustering technique and the traffic-redistribution mechanism together create a transparent, adaptive, and highly scalable solution for building high-performance IPsec VPNs.
doi:10.1007/11602569_45 fatcat:qx7pt6qfdbhu3peu3sbbus25ty
Citation

Pan-Lung Tsai, Chun-Ying Huang, Yun-Yin Huang, Chia-Chang Hsu, Chin-Laung Lei. "A Clustering and Traffic-Redistribution Scheme for High-Performance IPsec VPNs." Lecture Notes in Computer Science (2005) 432-443