Voice over IPsec: analysis and solutions

Roberto Barbieri, Danilo Bruschi and Emilia Rosti
Universita` degli Studi di Milano
Italy

In this paper we present the results of the experimental analys of the transmission of voice over secure communication links implementing IPsec. Experiments were conducted in order to identify the critical parameters that characterize the real time transmission of voice over an IPsec-ured Internet connection, as well as techniques that could be adopted to overcome some of the limitations of VoIPsec (Voice over IPsec). Our results show that the effective bandwidth can be reduced up to 50% with respect to VoIP in case of VoIPsec. This means that in case of low bandwidth links (e.g., modem connections) VoIPsec is not possible. Another critical point that emerges from our experiments is related to the encryption engine. The interesting result is that the cryptographic engine may hurt the perfomance of voice traffic not because of the overhead introduced by the computation of the cryptographic functions, rather because of the impossibility to schedule the access to it. Such a problem can only be addressed by introducing suitable scheduling algorithms for the encryption engine, which will privilege the access to such device for real time traffic. We address the issue of devising solutions to the low effective usage of network bandwidth. We present an efficient solution based on an innovative compression scheme for packet headers, cIPsec, in case of VoIPsec traffic. Simulation results show the proposed compression scheme significantly reduces the overhead of packet headers, thus increasing the effective bandwidth used by the transmission. In particular, when cIPsec is adopted, the average packet size is only 2% bigger than in the plain case (VoIP), which makes VoIPsec and VoIP equivalent from the bandwidth usage point ov view.

Keywords: voice over IPsec, compression, experimental evaluation, performance analysis

Read Paper Read Paper (in PDF)