IEEE MILCOM Conference, October 2004.
Abstract: In this paper, we consider the performance of
Internet packet routing on an overlay network formed by meshes of
IPsec-encrypted tunnels. The motivation of the study is to verify the
assumption that IPsec gateways can transparently tunnel secure red
(encrypted) network traffic over a black (unencrypted) wireless
network, making the black multi-hop backbone appear to the red routers
as a single-hop broadcast-based network. Using simulation, we consider
the impact of a composite red/black network architecture on the
performance of the Open Shortest Path First (OSPF) routing protocol. We
initially present a high-level description of the simulation modules
and the IPsec gateways and modifications for the Multicast extension of
OSPF (MOSPF) for the QualNet simulator. The simulation scenarios, based
on a typical crypto-partitioned network environment, are described
along with the metrics used for measuring the network performance. We
compare red OSPF overhead in composite red/black networks to that of
red-only wired networks, and find that the wireless network, instead of
transparently providing full-mesh connectivity between security
gateways, negatively affects the red network performance, and we
identify some of the key causes of this degradation. We also suggest
some potential areas for more detailed investigation in order
to identify solutions that may mitigate these unwanted effects.