Integrating Header Compression with IPsec

The global information grid (GIG) will leverage Internet protocol security (IPsec) tunnel mode security associations (SAs) to secure IP traffic. Tunnel mode SAs require the use of an additional IP header per packet, which significantly increases the amount of overhead added to traffic profiles characterized by small packet payloads. This effect is further magnified with the United States department of defense (DoD) transition to Internet protocol version 6 (IPv6), as IPv6 requires twice the packet overhead of Internet protocol version 4 (IPv4). Traditional Internet engineering task force (IETF) header compression (HC) algorithms, such as IP header compression (IPHC), compressed real time transport protocol (CRTP), enhanced compressed real time transport protocol (ECRTP), and robust header compression (ROHC), have been developed to help minimize packet overhead on a hop-by-hop basis. If these HC algorithms are extended to operate over IPsec, improvements in network performance and efficiency of IP sec-protected traffic can be attained. This paper provides an overview of the extensions required to achieve HC over IPsec (HCoIPsec), an emerging protocol currently being defined in the IETF. By integrating the IPsec architecture with HC algorithms, the size of packet headers flowing over IPsec tunnel mode SAs can be reduced, providing efficiency gains in bandwidth-constrained networks