There is not a single IPsec protocol. IPsec is in fact a collection of standards (and drafts, because the IETF process is very slow) that all deal with using cryptography to ensure authenticity and in almost all cases to also guarantee confidentiality of the content of the IP packets. Most of the standards documents contain details of the cryptographic ciphers and algorithms used. The intent of this chapter is to cover what you need to know from a practical point of view, without going into all the details and design decisions.
The IPsec protocols can be split into two main categories: packet handling and trust relationship management. Packet handling is usually done by the operating system kernel itself, since it requires speed, efficiency, and low latency that are easier to offer at the low-level processing of the kernel.
The trust relationship management is not as time sensitive, since it only happens at the start and at the refresh intervals of an IPsec connection...