Research And Implementation Of User-mode IPSec Protocol Stack

The popularity of smart phone brings a fresh wave of mobile internet. Not only the number of clients but also the network traffic has a dramatic increase. In order to provide better quality of services, major internet companies are actively building data centers(IDC). Data transfers between IDC of scattered departments is usually completed using private lines with high cost, thus the public network has gradually played a role in data transfers between IDC. To ensure safety, IPSec VPN is often applied to transfer data for IDC in public network. IPSec VPN solution is based on traditional protocol stack, which has already approached a bottleneck under high speed network environment. User-mode protocol stack has become a popular research subject, while Intel DPDK is an excellent development platform for user-mode protocol stack.To deal with problems faced in data processing for traditional protocol stack such as frequent interruptions, redundant data copies, not supporting multi-core framework and high cost of lock contention, this thesis introduced the key techniques to fight with these problems in DPDK: large pages, user space I/O and processor affinity. Then a usermode protocol stack framework based on DPDK is designed and four major modules are introduced in detail. The driver module is responsible for supporting multi-cores and distributed storage. The data receiving and dispatching module is responsible for quick data receiving and dispatching, data storage and less multi-core competition. The third layer protocol stack module is responsible for route switchover and communication between kernel-mode protocol stack and user-mode protocol. The IPSec processing module is responsible for the authentication and encryption for data packets. Based on detailed design of each module, a user-mode IPSec protocol stack based on DPDK is complemented. Tests against IPSec in traditional protocol stack in high speed network environment can provide the conclusion that user-mode IPSec protocol stack has superior performance and the ability to solve problems faced in traditional protocol stack.