Check out the new USENIX Web site. next up previous
Next: OpenBSD IPsec Implementation Up: System Architecture Previous: System Architecture

IPsec

  The IP Security architecture [8], as specified by the Internet Engineering Task Force (IETF), is comprised of a set of protocols that provide data integrity, confidentiality, replay protection, and authentication at the network layer. This positioning in the network stack offers considerable flexibility in transparently employing IPsec for different roles (e.g., building Virtual Private Networks, end-to-end security, remote access, etc.). Such flexibility is not possible at higher or lower levels of the network stack.

The overall IPsec architecture is very similar to previous work [5] and is composed of three modules:

For more details on their implementation in OpenBSD, see [3].


next up previous
Next: OpenBSD IPsec Implementation Up: System Architecture Previous: System Architecture
Stefan Miltchev
4/17/2002