Title :
Packet routing over crypto-partitioned networks
Author :
Albuquerque, Marcelo M. ; Henderson, Thomas R. ; Bae, Kyle ; Kim, Jae H.
Author_Institution :
Boeing Phantom Works, Seattle, WA, USA
Abstract :
In this paper, we consider the performance of Internet packet routing on an overlay network formed by meshes of IPsec-encrypted tunnels. The motivation of the study is to verify the assumption that IPsec gateways can transparently tunnel secure red (encrypted) network traffic over a black (unencrypted) wireless network, making the black multi-hop backbone appear to the red routers as a single-hop broadcast-based network. Using simulation, we consider the impact of a composite red/black network architecture on the performance of the open shortest path first (OSPF) routing protocol. We initially present a high-level description of the simulation modules and the IPsec gateways and modifications for the Multicast extension of OSPF (MOSPF) for the QualNet simulator. The simulation scenarios, based on a typical crypto-partitioned network environment, are described along with the metrics used for measuring the network performance. We compare red OSPF overhead in composite red/black networks to that of red-only wired networks, and find that the wireless network, instead of transparently providing full-mesh connectivity between security gateways, negatively affects the red network performance, and we identify some of the key causes for this degradation. We also suggest some potential areas for more detailed investigation in order to identify solutions that may mitigate these unwanted effects.
Keywords :
Internet; cryptography; internetworking; military communication; multicast protocols; packet radio networks; routing protocols; telecommunication traffic; IPsec gateways; IPsec-encrypted tunnels; Internet packet routing; MOSPF; Multicast extension of OSPF; OSPF routing protocol; QualNet simulator; black wireless network; composite red/black network architecture; crypto-partitioned networks; encrypted network traffic; network performance; open shortest path first routing protocol; overlay network; secure red network traffic; single-hop broadcast-based network; unencrypted wireless network; Broadcasting; Cryptography; IP networks; Routing protocols; Spine; Spread spectrum communication; Telecommunication traffic; Traffic control; Wireless mesh networks; Wireless networks;
Conference_Title :
Military Communications Conference, 2004. MILCOM 2004. 2004 IEEE
Print_ISBN :
0-7803-8847-X
DOI :
10.1109/MILCOM.2004.1494869