English (United Kingdom)

https://curated-unify.zendy.io/wp-json/zendy-region/v1/featured_content/oa?rat=en

https://curated-unify.zendy.io/wp-json/zendy-region/v1/highlighted_journal/

Global: Zendy Plus annual

Presents the access of premium content as premium feature

Premium Content

Presents the keyphrase highlighting as premium feature

Keyphrase Highlighting

Presents the summarisation as premium feature

Summarisation

Insights

Presents the pdf analysis as premium feature

PDF Analysis

Presents the zaia usage as premium feature

ZAIA

Global: Zendy Tools annual

Global: Zendy Free Plan

Global: Zendy Tools monthly

Global: Zendy Plus monthly

The introduction of IPsec into software-defined networking (SDN) can secure communication in an SDN southbound interface, i.e., communication between the controllers and the switches. However, due to the static configuration of IPsec cryptographic algorithms, the invocation of these algorithms cannot dynamically self-adapt to traffic fluctuations in SDN southbound communication. To address the contradiction between link security and communication performance incurred by IPsec encryption, an evaluation model to find a trade-off between communication performance and link security is presented in this paper. An invocation mechanism based on the Free-to-Add (FTA) method is also proposed to optimize the invocation mode of cryptographic algorithms in traditional IPsec. Based on the real-time network status and the impact of the IPsec encryption process on the network latency and throughput, a feedback-based scheduling scheme is designed to enable the IPsec algorithms in use to be flexibly replaced and synchronously switched, and two policies are applied to determinate the appropriate encryption algorithm(s). The validity and effectiveness of the FTA-based mechanism are verified and evaluated on an SDN/OpenFlow platform in which IPsec security gateways are deployed. The feedback-based scheduling scheme is evaluated in terms of packet processing latency, distribution of optional encryption intensity, and the hit rate of encryption intensity.

IPsec Cryptographic Algorithm Invocation Considering Performance and Security for SDN Southbound Interface Communication