| Summary: | 碩士 === 國立交通大學 === 資訊工程系 === 89 === In high-speed networks, the processing speed of an IPSec gateway is critical to the overall throughput. To accelerate the processing speed and improves the reliability, clustering technology was inherently applied to the design of a modern IPSec gateway. However, due to the anti-replay window mechanism in IPSec protocol, IPSec packet out-of-order issue becomes more obvious with the introduction of the clustered architecture. In this paper, we present a load-balancing scheme over clustered IPSec gateway that alleviates IPSec packet out-of-order issue resulting from the IPSec anti-replay window. We also present a companion algorithm to further reduce TCP segment out-of-order issue caused by packet-based traffic dispatching. The proposed scheme alleviates IPSec packet out-of-order issue by using packet-based traffic dispatching algorithm, which results in a better throughput than session-based algorithms commonly seen in the current designs.
|
|---|
