Performance evaluation of internet protocol security (IPSec) over multiprotocol label switching (MPLS).

Mwape, Jessy Chisenga
The University of Zambia.
For nearly two (2) decades, Multiprotocol Label Switching (MPLS) has provided Wide Area Network (WAN) solutions for enterprises and large organizations to manage their multiple networks in different locations. Real-time networks have been negatively affected by high latency due to inefficient WAN technologies and security solutions. The popularity of MPLS continues to increase among Internet and data service providers (ISPs) in Zambia. MPLS provides network efficiency through traffic engineering and Quality of Service; however, by default, it does not provide any mechanism for authentication and encryption of data as it travels through the public network provided by Internet service providers. To resolve the security concerns in MPLS, this study deployed Internet Protocol Security (IPsec) over MPLS in order to provide an additional layer of security to data during transmission. The research method is experimental. The research was conducted in a live environment where the service provider network implements MPLS and IPsec is deployed on Customer Edge routers. Three (3) Customer Edge routers were deployed in different locations over the ISP's public MPLS network and configured with policy-based IPsec. Data was collected before and after IPsec deployment in order to analyze performance metrics such as packet lengths, round-trip times, authentication and encryption. The study captured and analyzed 15,362,356 packets. It has been established that using MPLS provides minimal security to data through the use of labels. This label feature both separates traffic streams and provides efficient use of network resources, as IP addresses are not used to route traffic in the MPLS environment. It is worth noting that implementing IPsec over MPLS improves the security of the network and data.
The study has shown that IPsec and MPLS are better together because the security risks associated with transmitting data over MPLS are resolved by IPsec. IPsec provides data privacy and security per connection for network traffic crossing the perimeter. Further, the authentication of peers and data provides a mechanism for identifying and verifying the IPsec peers and for validating the authenticity of the data sent against the data received.
Thesis of Master of Engineering in Information and Communication Technology Security.