[vpn] Cisco IPSec DES Bandwidth Overhead

Joel M Snyder Joel.Snyder at Opus1.COM
Mon Jul 8 16:05:03 EDT 2002


I don't know if anyone paid any attention (presumably not, because no one
caught my error), but I re-visited this calculation (from 20-June)
today and stand by my original number: 50 to 57 octets overhead for ESP in
tunnel mode with DES or 3DES(the general case).  In the one I'm quoting below,
I somehow got 16 octets as the ICV, which it's not---96 bits is 12 octets. 

Just so the record's straight and my conscience is clear...

jms


Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 x101 (v) +1 520 324 0495 (FAX)  
jms at Opus1.COM    http://www.opus1.com/jms    Opus One


>--------------msFEDDC67D061660B1147CD5D7
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit

>> 32 bytes for ESP with DES+MD5

>No, definitely more than that.  Here's the breakdown:

>20 octets for the IP tunnel header.
>4 for the SPI
>4 for the sequence number
>8 for the IV (DES/3DES are the same; 64-bit IV)
>some amount of padding, which may be between 0 and 7 octets
>1 octet for pad length
>1 octet for next header
>16 octets for the ICV (hash) (HMAC-SHA1-96 or HMAC-MD5-96 are the same)

>So I was wrong: it's between 54 and 61.

>I don't know where I came up with 50 to 57.  Probably counted the IV as
>4 instead of 8.  It was late here...

>jms


>Christopher Gripp wrote:
>>
>> 32 bytes for ESP with DES+MD5
>>
>>         -----Original Message-----
>>         From: Andre Venter [mailto:andrev at uunet.co.za]
>>         Sent: Wed 6/19/2002 10:17 PM
>>         To: vpn at securityfocus.com
>>         Cc:
>>         Subject: [vpn] Cisco IPSec DES Bandwidth Overhead
>>
>>
>>
>>         Hi All,
>>
>>         Can anybody tell me what the Bandwidth overhead is, as an average percentage, when using Cisco IPSec DES Encryption between two points.
>>
>>         Any info would be appreciated,
>>
>>         Kind Regards
>>
>>         Andre
>>
>>
>>         VPN is sponsored by SecurityFocus.com
>>
>>

>--
>Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
>Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
>jms at Opus1.COM    http://www.opus1.com/jms    Opus One

VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list