SlideShare a Scribd company logo

N017127984

IOSR Journals
IOSR Journals

This document discusses the impact of security overhead traffic from IPSec VPN on network performance through an OPNET simulation. Three scenarios were modeled: 1) without IPSec, 2) with IPSec using DS1 links, and 3) with IPSec using higher bandwidth DS3 links. The results show that applying IPSec VPN significantly increased server CPU utilization and network delay due to the additional encryption overhead. Increasing the link bandwidth in the third scenario helped reduce this impact by allowing more network capacity for the encrypted traffic. The conclusion is that security mechanisms like IPSec inject additional traffic that can degrade network performance if not accounted for in design.

Technology
1 of 6
Download to read offline
IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 1, Ver. II (Jan – Feb. 2015), PP 79-84 www.iosrjournals.org DOI: 10.9790/0661-17127984 www.iosrjournals.org 79 | Page The Impact of Security Overhead Traffic on Network’s Resources Performance Esam Suliman Mustafa Ahmed1 , Dr.Amin Babiker A/Nabi Mustafa2 1, 2 (Faculty of Engineering / AL-Neelain University, Sudan) Abstract: Security of transferred data is a big concern for data networks users .One of the best security solutions is the IPSec Virtual Private Networking (IPSec VPN).In this paper, The Impact of additional traffic generated by IPSec protocol on the network's resources performance is discussed. Network simulation is a major part of this Paper. OPNET simulation software is used. Analyzing the impact of applying IPSec VPN to secure a flow of traffic from a remote sites connected through IPSec Tunnels to one Server is the methodology of the study, using OPNET. Three scenarios have been simulated. The results are compared by measuring the utilization of the server in the three scenarios. Keywords: VPN, IPSec, Opnet, Security, ESP, AH. I. Introduction IPSec Tunnel One of the most important and widely-used security technologies, it uses encryption and Authentication to provide secure access over the public internet. Data sent from one site to another passes securely across the Internet. When the data travels from source to destination it passes across intermediate networks that may be shared, unwanted users may access the flow of data. VPN provides mechanisms to ensure that the data transferred securely. 1.1 Types of IPSec VPN Two forms of VPN: 1- Site to Site VPN Site -to -Site VPN (Figure 1). Fixed VPNs devices that link various office locations together and provides a secure connection between the corporate network and its branches. The VPN devices encrypt the packet and send the encrypted version over the Internet. When a packet arrives, the organization VPN device decrypts the packet and transmits the result to the user’s computer. Figure 1: Site-to-Site VPN 2- Client Server VPN Client Server VPN (Figure 2). Each user has Client Software to allow them to connect to the VPN Server. a user connects to the Internet and then launches the VPN application. the VPN software encrypt all packets and sends the encrypted packet to the corporate VPN server.
The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 80 | Page Figure 2: Client Server VPN 1.2 IPSec Overview IPSec is set of security algorithms that allow a pair of communicating devices to transfer data securely by offering strong encryption and authentication .IPSec protects what is delivered from the transport layer to the network layer. In other words, the transport mode protects the network layer payload, the payload to be encapsulated in the network layer. 1.3 Two Security Protocols 1- Authentication Header (AH) The Authentication Header (AH) Protocol is designed to authenticate the source host and to ensure the integrity of the payload carried in the IP packet. The protocol uses a hash function and a symmetric key to create a message digest; the digest is inserted in the authentication header. The AH is then placed in the appropriate location based on the mode (transport or tunnel). Figure 4 shows the fields and the position of the authentication header. A field inside the authentication header (the next header field) holds the original value of the protocol field (the type of payload being carried by the IP datagram). Figure 3: Ipv4 and Ipv6 Datagram without AH Figure 4: ESP Encryption and Authentication 1.4 Encapsulating Security PAYLOAD (ESP) The AH Protocol does not provide privacy, only source authentication and data integrity. IPSec later defined an alternative protocol that provides source authentication, integrity, and privacy called Encapsulating Security Payload (ESP). ESP adds a header and Trailer. Note that ESP's authentication data are added at the end of the packet which makes its calculation easier. Figure 5 shows the ESP header. When an IP datagram carries an ESP header and trailer, the value of the protocol field in the IP header is 50.A field inside the ESP trailer (the next-header field) holds the original value of the protocol field (the type of payload being carried by the IP datagram, such as TCP or UDP). The ESP procedure follows these steps:
The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 81 | Page 1. An ESP trailer is added to the payload. 2. The payload and the trailer are encrypted. 3. The ESP header is added. 4. The ESP header, payload, and ESP trailer are used to create the authentication data. 5. The authentication data are added to the end of the ESP trailer. 6. The IP header is added after the protocol value is changed to 50. Figure 5: Encapsulating Security Payload 1.5 Services Provided by IPSec IPSec overhead traffic affect on the overall throughput of the network. The congestion occurred in the network increase the response time for each application and increase the CPU utilization of the network resources .some applications like Real-time Applications are so sensitive to network delay and congestion which may lead to audio gaps and drop calls . II. An OPNET Simulation OPNET is a very usefully simulation program with a vast range of features. Used to create a virtual environment to simulate real networks. After a virtual network is created it can be possible to add many network components for example routers switches, servers, work stations and protocols. After creation of the scenario we can apply the configuration that we need to test and run the simulation. Finally we can analyze the result and make a comparison between the different scenarios to get the impact of applying different protocols and parameters. OPNET permits not only the building of a virtual network but also provides tools for dynamically investigating the network. III. The Design Three scenarios are used to measure the utilization of the server before and after applying IPSec. In the first scenario the network is configured where the server is accessed by Clients from different three sites connected through DS1 channels to the HQ router without applying a VPN tunneling as it shown in fig 6. in the second scenario a VPN tunneling are configured between the three sites and HQ router. The server acts as FTP, DB, and HTTP server for the clients in the three sites as it shows in fig 7. Channel’s bandwidth increased from DS1 to DS3 in the third scenario Figure 6: First Scenario (Before IPSec)
The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 82 | Page Figure 7: Second Scenario (After IPSec) IV. The Results The simulation runs for 1 hour. An event is defined as File Transfer (Light), Web Browsing (Light HTTP), and Database Access (Light). Results were collected after the simulation was run. Statistics of each scenario presented in a graph that detailed the activity throughout the simulation. Graph 8 illustrates the Utilization of the server's CPU in the three scenarios. The graph shows that the CPU utilization becomes very high after applying the IPSec due to Encapsulating security payload. Utilization decreased when increasing the Bandwidth of the links between the remote sites and HQ (IPSec with more Bandwidth scenario). Graphs 9 and 10 illustrate time average in server performance load (tasks/second and requests/second) in the two scenarios (before and after IPSec). the number of tasks and requests handled by the server increased after applying IPSec Graph 11 shows the delay-element (in the client DB Traffic Received (bytes/second)). Graph 12 shows the incoming packets to the core router in the two scenarios (Before and After IPSec). Figure 8: Time average in CPU Utilization
The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 83 | Page Figure 9: Time Average in server performance (Load/second) Figure 10: Time Average in server performance (Request/second) Figure 11: delay element (in client DB. traffic (bytes/second))
The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 84 | Page Figure 12: Core Router time average (in processor Forwarding memory queue size (incoming packets) V. Conclusion Referring to the graphs we get that there is a vast overloaded traffic after applying the IPsec tunnels which injects additional traffic within network. The server's CPU utilization is increased according to the huge amount of traffic and decreased when increasing the bandwidth. The number of tasks/second handled by the server becomes very high after applying IPSec Tunnels, also The delay in the traffic received by DB clients increased . Security mechanisms inject additional traffic within network that leads to increase the utilization of the network's resources and the task's response time which will affect the network performance and stability. VPN tunnels are the most effective secure communication across long distances. To reduce the effect of additional traffic, network's active components and servers with high specifications (CPU, RAM, and Storage) required. Increasing the bandwidth is a main factor in solving the IPSec protocol delay issues . References [1]. Henric Johnson , Network Security , Blekinge Institute of Technology, Sweden. [2]. W.~Diffie and E.~Hellman, {New directions in cryptography}, IEEE Transactions on Information Theory {22} (1976). [3]. Douglas E.Comer,Computer Networks and Internets [4]. McDysan. D.(2000),VPN applications Guide [5]. Behrouz A. Forouzan (2007), Data Communications and Networking [6]. J. Walrand and P. Varaiya, High-Performance Communication Networks. [7]. Dina Katabi, Mark Handley, and Charlie Rohrs, "Congestion Control for High Bandwidth-Delay Product Networks," [8]. David D. Clark, Van Jacobson, John Romkey, and Howard Salwen, "An Analysis of TCP Processing Overhead," IEEE Communications Magazine, June 1989 [9]. Kent, IP Authentication Header, November 1998. [10]. IPsec VPN WAN Design Overview,http://www.cisco.com [11]. IPsec Direct Encapsulation Design Guide— http://www.cisco.com/en/US/docs/solutions. [12]. Kosiur, D,"Building and Managing Virtual Private Networks," New York, NY(1998). [13]. Erwin, M., Scott, C,Wolfe ," Virtual Private Networks" Sebastopol CA: O'Rielly , Associates Inc(1999).

Recommended

Review on tls or ssl session sharing based web cluster load balancing
Review on tls or ssl session sharing based web cluster load balancingReview on tls or ssl session sharing based web cluster load balancing
Review on tls or ssl session sharing based web cluster load balancingeSAT Journals
 
Review on tls or ssl session sharing based web cluster load balancing
Review on tls or ssl session sharing based web cluster load balancingReview on tls or ssl session sharing based web cluster load balancing
Review on tls or ssl session sharing based web cluster load balancingeSAT Publishing House
 
Reducing download time through mirror servers
Reducing download time through mirror serversReducing download time through mirror servers
Reducing download time through mirror serverseSAT Publishing House
 
Lab08Email
Lab08EmailLab08Email
Lab08EmailRobert Klebes
 
Wired and Wireless Computer Network Performance Evaluation Using OMNeT++ Simu...
Wired and Wireless Computer Network Performance Evaluation Using OMNeT++ Simu...Wired and Wireless Computer Network Performance Evaluation Using OMNeT++ Simu...
Wired and Wireless Computer Network Performance Evaluation Using OMNeT++ Simu...Jaipal Dhobale
 
net work iTM3
net work iTM3net work iTM3
net work iTM3Aram Mohammed
 
WIRELESS - HOST TO HOST NETWORK PERFORMANCE EVALUATION BASED ON BITRATE AND N...
WIRELESS - HOST TO HOST NETWORK PERFORMANCE EVALUATION BASED ON BITRATE AND N...WIRELESS - HOST TO HOST NETWORK PERFORMANCE EVALUATION BASED ON BITRATE AND N...
WIRELESS - HOST TO HOST NETWORK PERFORMANCE EVALUATION BASED ON BITRATE AND N...Jaipal Dhobale
 
A Comparative Approach to Handle Ddos Attacks
A Comparative Approach to Handle Ddos AttacksA Comparative Approach to Handle Ddos Attacks
A Comparative Approach to Handle Ddos AttacksIOSR Journals
 

Recommended

Review on tls or ssl session sharing based web cluster load balancing
Review on tls or ssl session sharing based web cluster load balancingReview on tls or ssl session sharing based web cluster load balancing
Review on tls or ssl session sharing based web cluster load balancingeSAT Journals
 
Review on tls or ssl session sharing based web cluster load balancing
Review on tls or ssl session sharing based web cluster load balancingReview on tls or ssl session sharing based web cluster load balancing
Review on tls or ssl session sharing based web cluster load balancingeSAT Publishing House
 
Reducing download time through mirror servers
Reducing download time through mirror serversReducing download time through mirror servers
Reducing download time through mirror serverseSAT Publishing House
 
Lab08Email
Lab08EmailLab08Email
Lab08EmailRobert Klebes
 
Wired and Wireless Computer Network Performance Evaluation Using OMNeT++ Simu...
Wired and Wireless Computer Network Performance Evaluation Using OMNeT++ Simu...Wired and Wireless Computer Network Performance Evaluation Using OMNeT++ Simu...
Wired and Wireless Computer Network Performance Evaluation Using OMNeT++ Simu...Jaipal Dhobale
 
net work iTM3
net work iTM3net work iTM3
net work iTM3Aram Mohammed
 
WIRELESS - HOST TO HOST NETWORK PERFORMANCE EVALUATION BASED ON BITRATE AND N...
WIRELESS - HOST TO HOST NETWORK PERFORMANCE EVALUATION BASED ON BITRATE AND N...WIRELESS - HOST TO HOST NETWORK PERFORMANCE EVALUATION BASED ON BITRATE AND N...
WIRELESS - HOST TO HOST NETWORK PERFORMANCE EVALUATION BASED ON BITRATE AND N...Jaipal Dhobale
 
A Comparative Approach to Handle Ddos Attacks
A Comparative Approach to Handle Ddos AttacksA Comparative Approach to Handle Ddos Attacks
A Comparative Approach to Handle Ddos AttacksIOSR Journals
 
Unit 3
Unit 3Unit 3
Unit 3Sangeetha Rangarajan
 
Single System Image Server Cluster
Single System Image Server ClusterSingle System Image Server Cluster
Single System Image Server ClusterIJERA Editor
 
Email - Electronic Mail
Email - Electronic MailEmail - Electronic Mail
Email - Electronic MailPeter R. Egli
 
Optimization of ipv6 packet’s headers over ethernet
Optimization of ipv6 packet’s headers over ethernetOptimization of ipv6 packet’s headers over ethernet
Optimization of ipv6 packet’s headers over ethernetIAEME Publication
 
Simple Mail Transfer Protocol
Simple Mail Transfer ProtocolSimple Mail Transfer Protocol
Simple Mail Transfer ProtocolVinod Gurram
 
Compatibility between the new and the current ipv4 packet headers 2
Compatibility between the new and the current ipv4 packet headers 2Compatibility between the new and the current ipv4 packet headers 2
Compatibility between the new and the current ipv4 packet headers 2IAEME Publication
 
Distributed Web-Cache using OpenFlow
Distributed Web-Cache using OpenFlowDistributed Web-Cache using OpenFlow
Distributed Web-Cache using OpenFlowAasheesh Tandon
 
Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...IJECEIAES
 
Network th ITM3
Network th ITM3Network th ITM3
Network th ITM3Aram Mohammed
 
Sip Overload Control Testbed: Design, Building And Evaluation
Sip Overload Control Testbed: Design, Building And EvaluationSip Overload Control Testbed: Design, Building And Evaluation
Sip Overload Control Testbed: Design, Building And Evaluationijasa
 
DNS server configuration in packet tracer
DNS server configuration in packet tracerDNS server configuration in packet tracer
DNS server configuration in packet tracerprodhan999
 
Network programmability: an Overview
Network programmability: an Overview Network programmability: an Overview
Network programmability: an Overview Aymen AlAwadi
 
CCNA Introducing Networks
CCNA Introducing NetworksCCNA Introducing Networks
CCNA Introducing NetworksDsunte Wilson
 
Kastriot Blakaj
Kastriot BlakajKastriot Blakaj
Kastriot BlakajUBT - Higher Education Institution
 
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...INFOGAIN PUBLICATION
 
Smtp protocol
Smtp protocolSmtp protocol
Smtp protocolalibefkani
 
Integration of OVS in OpenWrt wireless network and investigation of SDWMN
Integration of OVS in OpenWrt wireless network and investigation of SDWMNIntegration of OVS in OpenWrt wireless network and investigation of SDWMN
Integration of OVS in OpenWrt wireless network and investigation of SDWMNNazmul Hossain Rakib
 
W04404135146
W04404135146W04404135146
W04404135146IJERA Editor
 
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET Journal
 
G010625257
G010625257G010625257
G010625257IOSR Journals
 
Lace cocktail dresses gudeer.com
Lace cocktail dresses gudeer.comLace cocktail dresses gudeer.com
Lace cocktail dresses gudeer.comGudeer Kitty
 
T01061142150
T01061142150T01061142150
T01061142150IOSR Journals
 

More Related Content

What's hot

Single System Image Server Cluster
Single System Image Server ClusterSingle System Image Server Cluster
Single System Image Server ClusterIJERA Editor
 
Email - Electronic Mail
Email - Electronic MailEmail - Electronic Mail
Email - Electronic MailPeter R. Egli
 
Optimization of ipv6 packet’s headers over ethernet
Optimization of ipv6 packet’s headers over ethernetOptimization of ipv6 packet’s headers over ethernet
Optimization of ipv6 packet’s headers over ethernetIAEME Publication
 
Simple Mail Transfer Protocol
Simple Mail Transfer ProtocolSimple Mail Transfer Protocol
Simple Mail Transfer ProtocolVinod Gurram
 
Compatibility between the new and the current ipv4 packet headers 2
Compatibility between the new and the current ipv4 packet headers 2Compatibility between the new and the current ipv4 packet headers 2
Compatibility between the new and the current ipv4 packet headers 2IAEME Publication
 
Distributed Web-Cache using OpenFlow
Distributed Web-Cache using OpenFlowDistributed Web-Cache using OpenFlow
Distributed Web-Cache using OpenFlowAasheesh Tandon
 
Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...IJECEIAES
 
Sip Overload Control Testbed: Design, Building And Evaluation
Sip Overload Control Testbed: Design, Building And EvaluationSip Overload Control Testbed: Design, Building And Evaluation
Sip Overload Control Testbed: Design, Building And Evaluationijasa
 
DNS server configuration in packet tracer
DNS server configuration in packet tracerDNS server configuration in packet tracer
DNS server configuration in packet tracerprodhan999
 
Network programmability: an Overview
Network programmability: an Overview Network programmability: an Overview
Network programmability: an Overview Aymen AlAwadi
 
CCNA Introducing Networks
CCNA Introducing NetworksCCNA Introducing Networks
CCNA Introducing NetworksDsunte Wilson
 
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...INFOGAIN PUBLICATION
 
Integration of OVS in OpenWrt wireless network and investigation of SDWMN
Integration of OVS in OpenWrt wireless network and investigation of SDWMNIntegration of OVS in OpenWrt wireless network and investigation of SDWMN
Integration of OVS in OpenWrt wireless network and investigation of SDWMNNazmul Hossain Rakib
 
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET Journal
 

What's hot (19)

Unit 3
Unit 3Unit 3
Unit 3
 
Single System Image Server Cluster
Single System Image Server ClusterSingle System Image Server Cluster
Single System Image Server Cluster
 
Email - Electronic Mail
Email - Electronic MailEmail - Electronic Mail
Email - Electronic Mail
 
Optimization of ipv6 packet’s headers over ethernet
Optimization of ipv6 packet’s headers over ethernetOptimization of ipv6 packet’s headers over ethernet
Optimization of ipv6 packet’s headers over ethernet
 
Simple Mail Transfer Protocol
Simple Mail Transfer ProtocolSimple Mail Transfer Protocol
Simple Mail Transfer Protocol
 
Compatibility between the new and the current ipv4 packet headers 2
Compatibility between the new and the current ipv4 packet headers 2Compatibility between the new and the current ipv4 packet headers 2
Compatibility between the new and the current ipv4 packet headers 2
 
Distributed Web-Cache using OpenFlow
Distributed Web-Cache using OpenFlowDistributed Web-Cache using OpenFlow
Distributed Web-Cache using OpenFlow
 
Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...Performance analysis of container-based networking Solutions for high-perform...
Performance analysis of container-based networking Solutions for high-perform...
 
Network th ITM3
Network th ITM3Network th ITM3
Network th ITM3
 
Sip Overload Control Testbed: Design, Building And Evaluation
Sip Overload Control Testbed: Design, Building And EvaluationSip Overload Control Testbed: Design, Building And Evaluation
Sip Overload Control Testbed: Design, Building And Evaluation
 
DNS server configuration in packet tracer
DNS server configuration in packet tracerDNS server configuration in packet tracer
DNS server configuration in packet tracer
 
Network programmability: an Overview
Network programmability: an Overview Network programmability: an Overview
Network programmability: an Overview
 
CCNA Introducing Networks
CCNA Introducing NetworksCCNA Introducing Networks
CCNA Introducing Networks
 
Kastriot Blakaj
Kastriot BlakajKastriot Blakaj
Kastriot Blakaj
 
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...
Privacy Preserving Public Auditing and Data Integrity for Secure Cloud Storag...
 
Smtp protocol
Smtp protocolSmtp protocol
Smtp protocol
 
Integration of OVS in OpenWrt wireless network and investigation of SDWMN
Integration of OVS in OpenWrt wireless network and investigation of SDWMNIntegration of OVS in OpenWrt wireless network and investigation of SDWMN
Integration of OVS in OpenWrt wireless network and investigation of SDWMN
 
W04404135146
W04404135146W04404135146
W04404135146
 
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content StorageIRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage
 

Viewers also liked

Lace cocktail dresses gudeer.com
Lace cocktail dresses gudeer.comLace cocktail dresses gudeer.com
Lace cocktail dresses gudeer.comGudeer Kitty
 
CV Jaweed (Legal Assistant to COO)
CV Jaweed (Legal Assistant to COO)CV Jaweed (Legal Assistant to COO)
CV Jaweed (Legal Assistant to COO)syed nadeem
 
Ajai K. Asthana CV
Ajai K. Asthana CVAjai K. Asthana CV
Ajai K. Asthana CVAjay Asthana
 

Viewers also liked (20)

G010625257
G010625257G010625257
G010625257
 
Lace cocktail dresses gudeer.com
Lace cocktail dresses gudeer.comLace cocktail dresses gudeer.com
Lace cocktail dresses gudeer.com
 
T01061142150
T01061142150T01061142150
T01061142150
 
E017422935
E017422935E017422935
E017422935
 
K1803027074
K1803027074K1803027074
K1803027074
 
CV Jaweed (Legal Assistant to COO)
CV Jaweed (Legal Assistant to COO)CV Jaweed (Legal Assistant to COO)
CV Jaweed (Legal Assistant to COO)
 
D010621535
D010621535D010621535
D010621535
 
J017426467
J017426467J017426467
J017426467
 
G017434861
G017434861G017434861
G017434861
 
E012312328
E012312328E012312328
E012312328
 
A011110105
A011110105A011110105
A011110105
 
C017551519
C017551519C017551519
C017551519
 
H017324449
H017324449H017324449
H017324449
 
J017446568
J017446568J017446568
J017446568
 
I010515361
I010515361I010515361
I010515361
 
E017543841
E017543841E017543841
E017543841
 
Ajai K. Asthana CV
Ajai K. Asthana CVAjai K. Asthana CV
Ajai K. Asthana CV
 
H017424956
H017424956H017424956
H017424956
 
D1804011824
D1804011824D1804011824
D1804011824
 
C1303032126
C1303032126C1303032126
C1303032126
 

Similar to N017127984

Ijarcet vol-2-issue-7-2297-2301
Ijarcet vol-2-issue-7-2297-2301Ijarcet vol-2-issue-7-2297-2301
Ijarcet vol-2-issue-7-2297-2301Editor IJARCET
 
Ijarcet vol-2-issue-7-2297-2301
Ijarcet vol-2-issue-7-2297-2301Ijarcet vol-2-issue-7-2297-2301
Ijarcet vol-2-issue-7-2297-2301Editor IJARCET
 
An in-building multi-server cloud system based on shortest Path algorithm dep...
An in-building multi-server cloud system based on shortest Path algorithm dep...An in-building multi-server cloud system based on shortest Path algorithm dep...
An in-building multi-server cloud system based on shortest Path algorithm dep...IOSR Journals
 
A NETWORK-BASED DAC OPTIMIZATION PROTOTYPE SOFTWARE 2 (1).pdf
A NETWORK-BASED DAC OPTIMIZATION PROTOTYPE SOFTWARE 2 (1).pdfA NETWORK-BASED DAC OPTIMIZATION PROTOTYPE SOFTWARE 2 (1).pdf
A NETWORK-BASED DAC OPTIMIZATION PROTOTYPE SOFTWARE 2 (1).pdfSaiReddy794166
 
Unit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi ModelUnit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi ModelJacqueline Thomas
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfsolimankellymattwe60
 
Firewall and vpn investigation on cloud computing performance
Firewall and vpn investigation on cloud computing performanceFirewall and vpn investigation on cloud computing performance
Firewall and vpn investigation on cloud computing performanceIJCSES Journal
 
Analysis Of Internet Protocol ( IP ) Datagrams
Analysis Of Internet Protocol ( IP ) DatagramsAnalysis Of Internet Protocol ( IP ) Datagrams
Analysis Of Internet Protocol ( IP ) DatagramsEmily Jones
 
computer network NCC l4dc assingment
computer network NCC l4dc assingment computer network NCC l4dc assingment
computer network NCC l4dc assingment David Parker
 
CN unit 1 part 2 2023.ppt
CN unit 1 part 2 2023.pptCN unit 1 part 2 2023.ppt
CN unit 1 part 2 2023.pptmohanravi1986
 
A Comparative Analysis of Additional Overhead Imposed by Internet Protocol Se...
A Comparative Analysis of Additional Overhead Imposed by Internet Protocol Se...A Comparative Analysis of Additional Overhead Imposed by Internet Protocol Se...
A Comparative Analysis of Additional Overhead Imposed by Internet Protocol Se...ijceronline
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLIMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLhiij
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLIMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLijccsa
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLIMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLijccsa
 
Improved Secure Cloud Transmission Protocol
Improved Secure Cloud Transmission ProtocolImproved Secure Cloud Transmission Protocol
Improved Secure Cloud Transmission Protocolneirew J
 
A step on developing network monitoring tools
A step on developing network monitoring toolsA step on developing network monitoring tools
A step on developing network monitoring toolsAlexander Decker
 
Ijarcet vol-2-issue-7-2236-2240
Ijarcet vol-2-issue-7-2236-2240Ijarcet vol-2-issue-7-2236-2240
Ijarcet vol-2-issue-7-2236-2240Editor IJARCET
 
Ijarcet vol-2-issue-7-2236-2240
Ijarcet vol-2-issue-7-2236-2240Ijarcet vol-2-issue-7-2236-2240
Ijarcet vol-2-issue-7-2236-2240Editor IJARCET
 

Similar to N017127984 (20)

Ijarcet vol-2-issue-7-2297-2301
Ijarcet vol-2-issue-7-2297-2301Ijarcet vol-2-issue-7-2297-2301
Ijarcet vol-2-issue-7-2297-2301
 
Ijarcet vol-2-issue-7-2297-2301
Ijarcet vol-2-issue-7-2297-2301Ijarcet vol-2-issue-7-2297-2301
Ijarcet vol-2-issue-7-2297-2301
 
An in-building multi-server cloud system based on shortest Path algorithm dep...
An in-building multi-server cloud system based on shortest Path algorithm dep...An in-building multi-server cloud system based on shortest Path algorithm dep...
An in-building multi-server cloud system based on shortest Path algorithm dep...
 
H017113842
H017113842H017113842
H017113842
 
A NETWORK-BASED DAC OPTIMIZATION PROTOTYPE SOFTWARE 2 (1).pdf
A NETWORK-BASED DAC OPTIMIZATION PROTOTYPE SOFTWARE 2 (1).pdfA NETWORK-BASED DAC OPTIMIZATION PROTOTYPE SOFTWARE 2 (1).pdf
A NETWORK-BASED DAC OPTIMIZATION PROTOTYPE SOFTWARE 2 (1).pdf
 
Unit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi ModelUnit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi Model
 
IP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdfIP Security One problem with Internet protocol (IP) is that it has.pdf
IP Security One problem with Internet protocol (IP) is that it has.pdf
 
Firewall and vpn investigation on cloud computing performance
Firewall and vpn investigation on cloud computing performanceFirewall and vpn investigation on cloud computing performance
Firewall and vpn investigation on cloud computing performance
 
Analysis Of Internet Protocol ( IP ) Datagrams
Analysis Of Internet Protocol ( IP ) DatagramsAnalysis Of Internet Protocol ( IP ) Datagrams
Analysis Of Internet Protocol ( IP ) Datagrams
 
TCP/IP Introduction
TCP/IP IntroductionTCP/IP Introduction
TCP/IP Introduction
 
computer network NCC l4dc assingment
computer network NCC l4dc assingment computer network NCC l4dc assingment
computer network NCC l4dc assingment
 
CN unit 1 part 2 2023.ppt
CN unit 1 part 2 2023.pptCN unit 1 part 2 2023.ppt
CN unit 1 part 2 2023.ppt
 
A Comparative Analysis of Additional Overhead Imposed by Internet Protocol Se...
A Comparative Analysis of Additional Overhead Imposed by Internet Protocol Se...A Comparative Analysis of Additional Overhead Imposed by Internet Protocol Se...
A Comparative Analysis of Additional Overhead Imposed by Internet Protocol Se...
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLIMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLIMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
 
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOLIMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
IMPROVED SECURE CLOUD TRANSMISSION PROTOCOL
 
Improved Secure Cloud Transmission Protocol
Improved Secure Cloud Transmission ProtocolImproved Secure Cloud Transmission Protocol
Improved Secure Cloud Transmission Protocol
 
A step on developing network monitoring tools
A step on developing network monitoring toolsA step on developing network monitoring tools
A step on developing network monitoring tools
 
Ijarcet vol-2-issue-7-2236-2240
Ijarcet vol-2-issue-7-2236-2240Ijarcet vol-2-issue-7-2236-2240
Ijarcet vol-2-issue-7-2236-2240
 
Ijarcet vol-2-issue-7-2236-2240
Ijarcet vol-2-issue-7-2236-2240Ijarcet vol-2-issue-7-2236-2240
Ijarcet vol-2-issue-7-2236-2240
 

More from IOSR Journals

More from IOSR Journals (20)

A011140104
A011140104A011140104
A011140104
 
M0111397100
M0111397100M0111397100
M0111397100
 
L011138596
L011138596L011138596
L011138596
 
K011138084
K011138084K011138084
K011138084
 
J011137479
J011137479J011137479
J011137479
 
I011136673
I011136673I011136673
I011136673
 
G011134454
G011134454G011134454
G011134454
 
H011135565
H011135565H011135565
H011135565
 
F011134043
F011134043F011134043
F011134043
 
E011133639
E011133639E011133639
E011133639
 
D011132635
D011132635D011132635
D011132635
 
C011131925
C011131925C011131925
C011131925
 
B011130918
B011130918B011130918
B011130918
 
A011130108
A011130108A011130108
A011130108
 
I011125160
I011125160I011125160
I011125160
 
H011124050
H011124050H011124050
H011124050
 
G011123539
G011123539G011123539
G011123539
 
F011123134
F011123134F011123134
F011123134
 
E011122530
E011122530E011122530
E011122530
 
D011121524
D011121524D011121524
D011121524
 

Recently uploaded

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

N017127984

  • 1. IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 17, Issue 1, Ver. II (Jan – Feb. 2015), PP 79-84 www.iosrjournals.org DOI: 10.9790/0661-17127984 www.iosrjournals.org 79 | Page The Impact of Security Overhead Traffic on Network’s Resources Performance Esam Suliman Mustafa Ahmed1 , Dr.Amin Babiker A/Nabi Mustafa2 1, 2 (Faculty of Engineering / AL-Neelain University, Sudan) Abstract: Security of transferred data is a big concern for data networks users .One of the best security solutions is the IPSec Virtual Private Networking (IPSec VPN).In this paper, The Impact of additional traffic generated by IPSec protocol on the network's resources performance is discussed. Network simulation is a major part of this Paper. OPNET simulation software is used. Analyzing the impact of applying IPSec VPN to secure a flow of traffic from a remote sites connected through IPSec Tunnels to one Server is the methodology of the study, using OPNET. Three scenarios have been simulated. The results are compared by measuring the utilization of the server in the three scenarios. Keywords: VPN, IPSec, Opnet, Security, ESP, AH. I. Introduction IPSec Tunnel One of the most important and widely-used security technologies, it uses encryption and Authentication to provide secure access over the public internet. Data sent from one site to another passes securely across the Internet. When the data travels from source to destination it passes across intermediate networks that may be shared, unwanted users may access the flow of data. VPN provides mechanisms to ensure that the data transferred securely. 1.1 Types of IPSec VPN Two forms of VPN: 1- Site to Site VPN Site -to -Site VPN (Figure 1). Fixed VPNs devices that link various office locations together and provides a secure connection between the corporate network and its branches. The VPN devices encrypt the packet and send the encrypted version over the Internet. When a packet arrives, the organization VPN device decrypts the packet and transmits the result to the user’s computer. Figure 1: Site-to-Site VPN 2- Client Server VPN Client Server VPN (Figure 2). Each user has Client Software to allow them to connect to the VPN Server. a user connects to the Internet and then launches the VPN application. the VPN software encrypt all packets and sends the encrypted packet to the corporate VPN server.
  • 2. The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 80 | Page Figure 2: Client Server VPN 1.2 IPSec Overview IPSec is set of security algorithms that allow a pair of communicating devices to transfer data securely by offering strong encryption and authentication .IPSec protects what is delivered from the transport layer to the network layer. In other words, the transport mode protects the network layer payload, the payload to be encapsulated in the network layer. 1.3 Two Security Protocols 1- Authentication Header (AH) The Authentication Header (AH) Protocol is designed to authenticate the source host and to ensure the integrity of the payload carried in the IP packet. The protocol uses a hash function and a symmetric key to create a message digest; the digest is inserted in the authentication header. The AH is then placed in the appropriate location based on the mode (transport or tunnel). Figure 4 shows the fields and the position of the authentication header. A field inside the authentication header (the next header field) holds the original value of the protocol field (the type of payload being carried by the IP datagram). Figure 3: Ipv4 and Ipv6 Datagram without AH Figure 4: ESP Encryption and Authentication 1.4 Encapsulating Security PAYLOAD (ESP) The AH Protocol does not provide privacy, only source authentication and data integrity. IPSec later defined an alternative protocol that provides source authentication, integrity, and privacy called Encapsulating Security Payload (ESP). ESP adds a header and Trailer. Note that ESP's authentication data are added at the end of the packet which makes its calculation easier. Figure 5 shows the ESP header. When an IP datagram carries an ESP header and trailer, the value of the protocol field in the IP header is 50.A field inside the ESP trailer (the next-header field) holds the original value of the protocol field (the type of payload being carried by the IP datagram, such as TCP or UDP). The ESP procedure follows these steps:
  • 3. The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 81 | Page 1. An ESP trailer is added to the payload. 2. The payload and the trailer are encrypted. 3. The ESP header is added. 4. The ESP header, payload, and ESP trailer are used to create the authentication data. 5. The authentication data are added to the end of the ESP trailer. 6. The IP header is added after the protocol value is changed to 50. Figure 5: Encapsulating Security Payload 1.5 Services Provided by IPSec IPSec overhead traffic affect on the overall throughput of the network. The congestion occurred in the network increase the response time for each application and increase the CPU utilization of the network resources .some applications like Real-time Applications are so sensitive to network delay and congestion which may lead to audio gaps and drop calls . II. An OPNET Simulation OPNET is a very usefully simulation program with a vast range of features. Used to create a virtual environment to simulate real networks. After a virtual network is created it can be possible to add many network components for example routers switches, servers, work stations and protocols. After creation of the scenario we can apply the configuration that we need to test and run the simulation. Finally we can analyze the result and make a comparison between the different scenarios to get the impact of applying different protocols and parameters. OPNET permits not only the building of a virtual network but also provides tools for dynamically investigating the network. III. The Design Three scenarios are used to measure the utilization of the server before and after applying IPSec. In the first scenario the network is configured where the server is accessed by Clients from different three sites connected through DS1 channels to the HQ router without applying a VPN tunneling as it shown in fig 6. in the second scenario a VPN tunneling are configured between the three sites and HQ router. The server acts as FTP, DB, and HTTP server for the clients in the three sites as it shows in fig 7. Channel’s bandwidth increased from DS1 to DS3 in the third scenario Figure 6: First Scenario (Before IPSec)
  • 4. The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 82 | Page Figure 7: Second Scenario (After IPSec) IV. The Results The simulation runs for 1 hour. An event is defined as File Transfer (Light), Web Browsing (Light HTTP), and Database Access (Light). Results were collected after the simulation was run. Statistics of each scenario presented in a graph that detailed the activity throughout the simulation. Graph 8 illustrates the Utilization of the server's CPU in the three scenarios. The graph shows that the CPU utilization becomes very high after applying the IPSec due to Encapsulating security payload. Utilization decreased when increasing the Bandwidth of the links between the remote sites and HQ (IPSec with more Bandwidth scenario). Graphs 9 and 10 illustrate time average in server performance load (tasks/second and requests/second) in the two scenarios (before and after IPSec). the number of tasks and requests handled by the server increased after applying IPSec Graph 11 shows the delay-element (in the client DB Traffic Received (bytes/second)). Graph 12 shows the incoming packets to the core router in the two scenarios (Before and After IPSec). Figure 8: Time average in CPU Utilization
  • 5. The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 83 | Page Figure 9: Time Average in server performance (Load/second) Figure 10: Time Average in server performance (Request/second) Figure 11: delay element (in client DB. traffic (bytes/second))
  • 6. The Impact of security overhead traffic on Network’s resources performance DOI: 10.9790/0661-17127984 www.iosrjournals.org 84 | Page Figure 12: Core Router time average (in processor Forwarding memory queue size (incoming packets) V. Conclusion Referring to the graphs we get that there is a vast overloaded traffic after applying the IPsec tunnels which injects additional traffic within network. The server's CPU utilization is increased according to the huge amount of traffic and decreased when increasing the bandwidth. The number of tasks/second handled by the server becomes very high after applying IPSec Tunnels, also The delay in the traffic received by DB clients increased . Security mechanisms inject additional traffic within network that leads to increase the utilization of the network's resources and the task's response time which will affect the network performance and stability. VPN tunnels are the most effective secure communication across long distances. To reduce the effect of additional traffic, network's active components and servers with high specifications (CPU, RAM, and Storage) required. Increasing the bandwidth is a main factor in solving the IPSec protocol delay issues . References [1]. Henric Johnson , Network Security , Blekinge Institute of Technology, Sweden. [2]. W.~Diffie and E.~Hellman, {New directions in cryptography}, IEEE Transactions on Information Theory {22} (1976). [3]. Douglas E.Comer,Computer Networks and Internets [4]. McDysan. D.(2000),VPN applications Guide [5]. Behrouz A. Forouzan (2007), Data Communications and Networking [6]. J. Walrand and P. Varaiya, High-Performance Communication Networks. [7]. Dina Katabi, Mark Handley, and Charlie Rohrs, "Congestion Control for High Bandwidth-Delay Product Networks," [8]. David D. Clark, Van Jacobson, John Romkey, and Howard Salwen, "An Analysis of TCP Processing Overhead," IEEE Communications Magazine, June 1989 [9]. Kent, IP Authentication Header, November 1998. [10]. IPsec VPN WAN Design Overview,http://www.cisco.com [11]. IPsec Direct Encapsulation Design Guide— http://www.cisco.com/en/US/docs/solutions. [12]. Kosiur, D,"Building and Managing Virtual Private Networks," New York, NY(1998). [13]. Erwin, M., Scott, C,Wolfe ," Virtual Private Networks" Sebastopol CA: O'Rielly , Associates Inc(1999).