Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Efficient Multi-Core Implementation of the IPsec Encapsulating Security Payload Protocol for a Single Security Association
Linköping University, Department of Computer and Information Science, Software and Systems.
Linköping University, Department of Computer and Information Science, Software and Systems.
2018 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesisAlternative title
Effektiv, flerkärnig implementation av IPsec Encapsulating Security Payload protokollet för en Security Association (Swedish)
Abstract [en]

As the mobile Internet traffic increases, the workload of the base stations processing this traffic increases with it. To cope with this, the telecommunication providers responsible for the systems deployed in these base stations have looked to parallelism. This, together with the fact that these providers have a vested interest in protecting their users' data from potential attackers, means that there is a need for efficient parallel packet processing software which handles encryption as well as authentication. A well known protocol for encryption and authentication of IP packets is the Encapsulating Security Payload (ESP) protocol of the IPsec protocol suite. IPsec establishes simplex connections, called Security Associations (SA), between entities that wish to communicate. This thesis investigates a special case of this problem where the work of encrypting and authenticating the packets within a single SA is parallelized. This problem was investigated by developing and comparing two multi-threaded implementations based on the Eventdev, an event driven programming library, and ring buffer libraries of Data Plane Development Kit (DPDK). One additional Eventdev-based implementation was also investigated which schedules linked lists of packets, instead of single packets, in an attempt to reduce the overhead of scheduling packets to the worker cores. These implementations were then evaluated in terms of throughput, latency, speedup, and last level cache miss rates. The results showed that the ring buffer-based implementation performed the best in all metrics while the single packet-scheduling Eventdev-based implementation was outperformed by the one using linked lists of packets. It was shown that the packet generation, which was done by the receiving core, was the main limiting factor for all implementations. In addition, the memory resources such as the memory bus, memory controller and prefetching hardware were shown to likely be an area of contention and a possible bottleneck as the packet generation rate increases. The conclusion drawn from this was that a parallelized packet retrieval solution such as Receive Side Scaling (RSS) together with minimizing memory resource contention is necessary to further improve performance.

Place, publisher, year, edition, pages
2018. , p. 102
Keywords [en]
Telecom 5G Eventdev Data Stream Processing
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-151984ISRN: LIU-IDA/LITH-EX-A--18/042--SEOAI: oai:DiVA.org:liu-151984DiVA, id: diva2:1255606
External cooperation
Ericsson AB
Subject / course
Computer science
Presentation
2018-09-26, Alan Turing, Campus Valla, Linköping, 13:15 (English)
Supervisors
Examiners
Available from: 2018-10-15 Created: 2018-10-12 Last updated: 2018-10-15Bibliographically approved

Open Access in DiVA

fulltext(2191 kB)111 downloads
File information
File name FULLTEXT01.pdfFile size 2191 kBChecksum SHA-512
2a4896f2176008ad17b50223e8db482b5370664ef7b78207abbf2c5c9442a613b6e14e1a6060c0c8cf8042d6dc52037cc42d871619cd3418a0204382d4a5e1f7
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Hellsing, MattiasAlbin, Odervall
By organisation
Software and Systems
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 111 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 121 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf