VPN Bandwidth Requirements

Stephen Hope shope at ENERGIS-EIS.CO.UK
Wed Mar 7 06:57:17 EST 2001


Further to the mail from Philipp,

You can work a lot of this stuff out as if it was "just another network".

Fundamental issue is that network traffic flows are chaotic, or self
similar. So there is no real "traffic level" as such, there are just some
useful approximations, such as averages and burst levels.

The basic answer is:

A.	guess (or, use bandwidth planning, which improves this to an
educated guess).

or

B.	measure what you have and extrapolate.

The 2 crucial issues are:

what traffic demands are your users making, i.e. how much would flow if there
were no network constraints. (In theory this is almost unlimited for the
TCP/IP protocol, but practical limits usually cut this down).

then how much are you willing to give them - i.e. how much congestion /
contention will you design to.

Once you have this, add maybe 50%-100% to make the whole system work
properly and allow for all the measurement smoothing / averaging of the
results, overheads like VPN encapsulation and all the uncertainties.

The most important step is to build something, and test it. Ideally a setup
which is realistic, but where you can vary the bottlenecks. Tests are only
useful if they are realistic, but what bits have to be realistic tends to
vary with the application, protocol, phase of the moon and just about
anything else.

In practice testing is the crucial bit - a lot of the calculations may not
help (i.e. the customer is not willing to pay for more than 256k, so it is
irrelevant if the app works much better with T1 speeds, or it has to work
over a modem link etc.)

Good luck

Stephen

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester, UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776 4189


> -----Original Message-----
> From: Philipp Buehler [mailto:lists at FIPS.DE]
> Sent: 07 March 2001 00:07
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: VPN Bandwidth Requirements
>
>
> On 06/03/2001, Geoffrey Dacosta <geoff.dacosta at EXCITE.COM>
> wrote To VPN at SECURITYFOCUS.COM:
> > an equipment manufacturer, and as part of my work I am trying to determine a
> > typical bandwidth requirement of a VPN.  I have had difficulty in finding
> Hm, you get overhead by IPSec, if this is used in your 'VPN'.
> Depending on usage of AH or not, IKE/ISAKMP or not, you add an amount
> of additional bytes to each packet.
> So, if you calculate for an additional, average 40 bytes per packet
> and a usual average packetsize of 250-300 bytes you get about 15%
> overhead for IPSec usage. Add the possible traffic for IKE.
>
> Using different technologies may yield different overheads, of
> course. You should clarify your VPN design here.
>
> > the answer to this, possibly because it might be like asking "what's the
> > average cost of a car?"  But, if anybody has any, even a vague sense,
> :-) The same for other stuff like 'pure' GRE or such. If you provide
> more details, you get more details as answer :)
>
> > regarding this, I am hoping you can help me.  If you can, could you
> > email me at geoff.dacosta at excite.com.  Any help is greatly appreciated.
> Done.
>
> ciao
> --
> Philipp Buehler, aka fips | sysfive.com GmbH | BOfH | NUCH |
> <double-p>
>
> #1: Break the clue barrier!
> #2: Already had buzzword confuseritis ?
>
> VPN is sponsored by SecurityFocus.COM
>
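
The "measure what you have and extrapolate" approach from this thread, as an added example that is not part of either original message: it applies the quoted 40 bytes per packet of IPsec overhead to measured traffic, picks a design point, adds the 50%-100% margin, and shows how a slower poll hides the bursts. The sample counters are constructed, the 95th-percentile design point is an assumption, and all function names are hypothetical.

```python
import math

# Constructed sample data: (payload_bytes, packets) seen in each 10 s interval.
SAMPLES = [(100_000, 400), (150_000, 500), (50_000, 200), (250_000, 1000),
           (75_000, 300), (120_000, 400), (30_000, 100), (200_000, 800),
           (90_000, 300), (135_000, 500)]
INTERVAL_S = 10
ENCAP_BYTES = 40  # average per-packet IPsec overhead quoted in the thread

def wire_rates(samples, interval_s, encap_bytes=ENCAP_BYTES):
    """Bits/s per interval after adding per-packet encapsulation overhead."""
    return [(b + p * encap_bytes) * 8 / interval_s for b, p in samples]

def coarsen(samples, factor):
    """Merge every `factor` consecutive intervals, as a slower poller would."""
    return [tuple(map(sum, zip(*samples[i:i + factor])))
            for i in range(0, len(samples), factor)]

def percentile(values, pct):
    """Nearest-rank percentile of a non-empty list, pct in 1..100."""
    ordered = sorted(values)
    return ordered[math.ceil(pct * len(ordered) / 100) - 1]

def size_link(samples, interval_s, headroom, design_pct=95):
    """Measure, pick a design point (assumed: p95), add headroom (0.5 to 1.0)."""
    total_bytes = sum(b for b, _ in samples)
    total_pkts = sum(p for _, p in samples)
    if total_bytes == 0:
        raise ValueError("no traffic measured; nothing to extrapolate from")
    rates = wire_rates(samples, interval_s)
    design = percentile(rates, design_pct)
    return {
        "overhead": total_pkts * ENCAP_BYTES / total_bytes,  # fraction of payload
        "mean_bps": sum(rates) / len(rates),
        "design_bps": design,
        "provision_bps": design * (1 + headroom),
    }

if __name__ == "__main__":
    for headroom in (0.5, 1.0):
        print(headroom, size_link(SAMPLES, INTERVAL_S, headroom))
    # Same traffic polled every 50 s: the averaging smooths away the bursts.
    print(max(wire_rates(coarsen(SAMPLES, 5), INTERVAL_S * 5)))
```

On this data the mean is less than half the design point, and the 50 s poll never reports a rate near the 10 s peaks, which is the smoothing the margin is meant to cover.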
