FASiRec: A Fast Session Recovery Scheme for Large-scale VPNs Using IPSec

As a de facto standard protocol, Internet protocol security (IPSec) provides secure communication between networked systems. One of the most common issues today in large-scale virtual private networks using IPSec is the problem of a stale security association, which occurs when the device at one end of the tunnel maintains the tunnel state but the other end does not. Internet key exchange (IKE) keepalives resolve this by removing the state of the old tunnel and setting up a new tunnel. In particular, the loss of state by a security gateway requires multiple hosts to reestablish tunnels, resulting in high network costs in time, bandwidth usage, etc. The resulting time delay can lead to poor performance, which in turn increases the packet drop rate. To solve this problem, we propose the Fast Session Recovery scheme for IPSec, which reestablishes tunnels, not by renegotiating the session key using IKE, but by backing up the session key. We tested the proposed scheme with an experiment which showed that it can significantly speed up the session reestablishment while increasing total throughput in the network.