Internet Key Exchange - Architecture

Architecture

Most IPsec implementations consist of an IKE daemon that runs in user space and an IPsec stack in the kernel that processes the actual IP packets.

User-space daemons have easy access to mass storage containing configuration information, such as the IPsec endpoint addresses, keys and certificates, as required. Kernel modules, on the other hand, can process packets efficiently and with minimum overhead—which is important for performance reasons.

The IKE protocol uses UDP packets, usually on port 500, and generally requires 4-6 packets with 2-3 turn-around times to create an SA on both sides. The negotiated key material is then given to the IPsec stack. For instance, this could be an AES key, information identifying the IP endpoints and ports that are to be protected, as well as what type of IPsec tunnel has been created. The IPsec stack, in turn, intercepts the relevant IP packets if and where appropriate and performs encryption/decryption as required. Implementations vary on how the interception of the packets is done—for example, some use virtual devices, others take a slice out of the firewall, etc.

Read more about this topic:  Internet Key Exchange

Famous quotes containing the word architecture:

    The two elements the traveler first captures in the big city are extrahuman architecture and furious rhythm. Geometry and anguish. At first glance, the rhythm may be confused with gaiety, but when you look more closely at the mechanism of social life and the painful slavery of both men and machines, you see that it is nothing but a kind of typical, empty anguish that makes even crime and gangs forgivable means of escape.
    Federico García Lorca (1898–1936)

    It seems a fantastic paradox, but it is nevertheless a most important truth, that no architecture can be truly noble which is not imperfect.
    John Ruskin (1819–1900)

    Poetry is not only dream and vision; it is the skeleton architecture of our lives. It lays the foundations for a future of change, a bridge across our fears of what has never been before.
    Audre Lorde (1934–1992)