IPSec is a protocol that can provide security services at the IP layer by enabling a system to select security protocols, determine algorithms for the security services, and put in place any cryptographic keys required to provide the security services. IPSec can also be used to protect one or more paths between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.
An example of an IPSec internet protocol is specified by the Network Working Group in “Request for Comments” (RFC) 2401, 2402 and 2406. The IPSec protocol may be implemented in either a tunneling mode or a transport mode. In a typical tunnel, unicast addresses are used to set up a “tunnel” between two nodes across a network. Tunneling enables one network to send data via another network's connections by encapsulating one protocol within packets carried by the other network. For example, links between intermediate stations on the internet are managed independently and are often transparent to the end stations. IPSec security protocol communication may be established, for example, between separate locations of an organization to help protect data communications between the locations. The use of IPSec may enable parties to establish a secure virtual private network (VPN).
In accordance with conventional IPSec communications, IP packets are encapsulated and outer headers are added. The encapsulated portion, which includes inner headers, may, for example, be hidden by encryption and/or authentication. The addition of the outer headers results in larger packets that require additional communication bandwidth for the communication of these IPSec tunnel packets. Typical IP header compression schemes, which are used to reduce packet size, cannot be applied to the inner headers of IPSec tunnel packets because, among other things, the inner headers may be encapsulated along with a payload with encryption and/or authentication.
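The size cost and the hiding of the inner headers described above can be seen by building one tunnel-mode packet byte by byte. This is an added example, not part of the original text; it assumes ESP (RFC 2406) with an 8-byte IV and cipher block and a 12-byte authentication value, uses a SHA-256 keystream as a stand-in for the negotiated cipher, and all addresses, ports, keys and helper names are constructed for illustration.

```python
import hashlib, hmac, struct

# Constructed sample addresses: two hosts behind two security gateways.
HOST_A, HOST_B = bytes([10, 1, 0, 5]), bytes([10, 2, 0, 9])
GW_A, GW_B = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])

def checksum(b):
    """Internet checksum over an even-length header."""
    s = sum(struct.unpack("!%dH" % (len(b) // 2), b))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, total_len):
    """20-byte IPv4 header, no options, TTL 64."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]

def stand_in_encrypt(key, iv, data):
    """Length-preserving SHA-256 keystream XOR. Assumption: a stand-in for the
    negotiated ESP cipher, used only to make the inner bytes unreadable."""
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + iv + struct.pack("!I", i)).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_tunnel(inner, spi, seq, enc_key, auth_key, block=8, iv_len=8, icv_len=12):
    """Wrap a complete inner IP packet in outer IP + ESP (tunnel mode)."""
    pad_len = -(len(inner) + 2) % block            # align payload + 2 trailer bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])  # next header 4 = IPv4
    iv = bytes(iv_len)                             # constructed all-zero IV for the demo
    esp = struct.pack("!II", spi, seq) + iv + stand_in_encrypt(enc_key, iv, inner + trailer)
    esp += hmac.new(auth_key, esp, hashlib.sha1).digest()[:icv_len]  # ICV over the ESP packet
    return ipv4_header(GW_A, GW_B, 50, 20 + len(esp)) + esp         # protocol 50 = ESP

def tunnel_cost(payload_len):
    """Return (inner size, tunnel size, inner headers visible on the wire?)."""
    udp = struct.pack("!HHHH", 5004, 5004, 8 + payload_len, 0)  # constructed ports
    inner = ipv4_header(HOST_A, HOST_B, 17, 28 + payload_len) + udp + bytes(payload_len)
    pkt = esp_tunnel(inner, 0x1001, 1, b"demo-enc-key", b"demo-auth-key")
    return len(inner), len(pkt), inner[:28] in pkt

if __name__ == "__main__":
    for n in (20, 1400):
        inner, outer, visible = tunnel_cost(n)
        print(f"payload {n}: inner {inner} B -> tunnel {outer} B "
              f"(+{outer - inner}), inner headers visible: {visible}")
```

For the 20-byte payload the tunnel packet is 104 bytes against 48 for the inner packet, and the 28 bytes of inner IP and UDP headers that a header compression scheme would act on do not appear in it.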
Thus there is a general need for a method and apparatus that helps reduce the packet size of IPSec tunnel packets. There is also a need for a method and apparatus that reduces the communication bandwidth required for communication of IPSec tunnel packets. There is also a need for a method and apparatus that provides for the compression of inner headers of an IPSec tunnel packet. There is also a need for a method and apparatus that provides for the compression of inner headers of an IPSec tunnel packet that is compatible with the conventional IPSec protocol.
The description set out herein illustrates the various embodiments of the invention and such description is not intended to be construed as limiting in any manner.