Implementation of IPSec in High Performance Router

To meet the security need in a high performance router, specific hardware supporting the IPSec protocol must be designed. We give the detailed design, including hardware and software, of implementing IPSec in the high performance router. The aim of the design is to provide trustworthy security without sacrificing the performance of the router and to enable the router to perform the cryptographic requirements of both AH and ESP mechanisms in transport and tunnel mode.

1. Introduction

IPSec (Internet Protocol Security) is an extension to the IP suite and is a global solution to the problem of Internet security. The IPSec protocol includes instructions for implementation in both IPv4 and IPv6. However, in this paper the protocol is discussed only in respect of IPv6. The two security mechanisms of IPSec are the Authentication Header (AH), which provides data origin authentication and connectionless integrity, and the Encapsulating Security Payload (ESP), which provides connectionless data confidentiality services. Many systems will require both authentication and encryption protection, which can be achieved by combining the AH and ESP protocols, as described in (1).

IPSec supports two methods of operation, tunnel mode and transport mode. In transport mode, only the upper-layer protocol data segment of the IP packet is authenticated or encrypted, and it is typically used for end-to-end protection of data packets between two hosts. In tunnel mode the entire IP packet is authenticated or encrypted. The result is then transmitted within another IP packet which contains a new outer header. In effect, the entire original packet travels through a 'tunnel' from one point of an IP network to another. Tunnel mode can be used between firewalls to create a virtual private network (VPN).

Efficient and secure key management is also an important part of IPSec. The key management protocol we chose for employment is Internet Key Exchange (IKE) (2),
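The transport and tunnel mode layouts described above, worked through for AH over IPv6 as an added example (not code from the paper). It assumes HMAC-SHA1-96 for the integrity check value, no IPv6 extension headers, and a constructed key, addresses and payload.

```python
import hashlib, hmac, ipaddress, struct

AH, IPV6, UDP = 51, 41, 17  # IANA protocol numbers used as Next Header values

def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    # 40-byte fixed header: version 6 with zero traffic class and flow label
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, hop_limit) + src + dst

def ah_header(next_header, spi, seq, icv=b"\x00" * 12):
    # 12 fixed bytes + 96-bit ICV = 24 bytes; Payload Len is 32-bit words minus 2
    return struct.pack("!BBHII", next_header, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def icv_for(packet, key):
    # Fields of the outermost header that routers may change in transit
    # (traffic class, flow label, hop limit) are zeroed before the MAC is computed.
    hdr = struct.pack("!I", 6 << 28) + packet[4:7] + b"\x00" + packet[8:40]
    return hmac.new(key, hdr + packet[40:], hashlib.sha1).digest()[:12]

def seal(pkt, key):
    # pkt carries a zeroed ICV at bytes 52..63; replace it with the computed value
    return pkt[:52] + icv_for(pkt, key) + pkt[64:]

def ah_verify(pkt, key):
    zeroed = pkt[:52] + b"\x00" * 12 + pkt[64:]
    return hmac.compare_digest(pkt[52:64], icv_for(zeroed, key))

def transport_mode(orig, key, spi, seq):
    # AH sits between the original IPv6 header and the upper-layer segment
    body = ah_header(orig[6], spi, seq) + orig[40:]
    hdr = orig[:4] + struct.pack("!HB", len(body), AH) + orig[7:40]
    return seal(hdr + body, key)

def tunnel_mode(orig, gw_src, gw_dst, key, spi, seq):
    # The whole original packet becomes the payload behind a new outer header
    body = ah_header(IPV6, spi, seq) + orig
    return seal(ipv6_header(gw_src, gw_dst, AH, len(body)) + body, key)

# Constructed sample: two hosts, two gateways, a placeholder 8-byte UDP header + data
A, B, G1, G2 = (ipaddress.IPv6Address(f"2001:db8::{i}").packed for i in (1, 2, 3, 4))
ORIG = ipv6_header(A, B, UDP, 12) + b"\x00" * 8 + b"data"
KEY = b"constructed-demo-key"
```

In tunnel mode the inner header is ordinary payload to AH, so a change to the inner hop limit fails verification while a change to the outer hop limit does not.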

[1] Jonathan T. Trostle, et al. Techniques for improving the security and manageability of IPsec policy. International Journal of Information Security, 2004.