[vpn] Cisco IPSec DES Bandwidth Overhead
Joel M Snyder
Joel.Snyder at Opus1.COM
Mon Jul 8 16:05:03 EDT 2002
I don't know if anyone paid any attention (presumably not, because no one
caught my error), but I re-visited this calculation (from 20-June)
today and stand by my original number: 50 to 57 octets overhead for ESP in
tunnel mode with DES or 3DES (the general case). In the one I'm quoting below,
I somehow got 16 octets as the ICV, which it's not---96 bits is 12 octets.
Just so the record's straight and my conscience is clear...
jms
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 x101 (v) +1 520 324 0495 (FAX)
jms at Opus1.COM http://www.opus1.com/jms Opus One
>> 32 bytes for ESP with DES+MD5
>No, definitely more than that. Here's the breakdown:
>20 octets for the IP tunnel header.
>4 for the SPI
>4 for the sequence number
>8 for the IV (DES/3DES are the same; 64-bit IV)
>some amount of padding, which may be between 0 and 7 octets
>1 octet for pad length
>1 octet for next header
>16 octets for the ICV (hash) (HMAC-SHA1-96 or HMAC-MD5-96 are the same)
>So I was wrong: it's between 54 and 61.
>I don't know where I came up with 50 to 57. Probably counted the IV as
>4 instead of 8. It was late here...
>jms
>Christopher Gripp wrote:
>>
>> 32 bytes for ESP with DES+MD5
>>
>> -----Original Message-----
>> From: Andre Venter [mailto:andrev at uunet.co.za]
>> Sent: Wed 6/19/2002 10:17 PM
>> To: vpn at securityfocus.com
>> Cc:
>> Subject: [vpn] Cisco IPSec DES Bandwidth Overhead
>>
>>
>>
>> Hi All,
>>
>> Can anybody tell me what the Bandwidth overhead is, as an average percentage, when using Cisco IPSec DES Encryption between two points.
>>
>> Any info would be appreciated,
>>
>> Kind Regards
>>
>> Andre
>>
>>
>> VPN is sponsored by SecurityFocus.com
>>
>>
>--
>Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
>Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
>jms at Opus1.COM http://www.opus1.com/jms Opus One
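Added example, not part of the original message or the list archive: the field sizes from the breakdown above (with the 12-octet ICV), turned into a per-packet calculation that also gives the percentage the original question asked about. It assumes an IPv4 outer header without options, minimum ESP padding only, and no NAT-T/UDP encapsulation; the function names and sample packet sizes are constructed for illustration.

```python
# ESP tunnel-mode overhead for DES/3DES-CBC with HMAC-MD5-96 or HMAC-SHA1-96.
# Field sizes (octets) are the ones listed in the thread.
OUTER_IP = 20   # new IPv4 tunnel header, no options (assumption)
SPI = 4         # Security Parameters Index
SEQ = 4         # sequence number
IV = 8          # 64-bit IV, same for DES and 3DES
BLOCK = 8       # cipher block size that the padding aligns to
PAD_LEN = 1     # pad length field
NEXT_HDR = 1    # next header field
ICV = 12        # 96-bit truncated HMAC


def esp_padding(inner_len, block=BLOCK):
    """Minimum pad octets so inner packet + pad + 2 trailer octets
    fills a whole number of cipher blocks (0..block-1)."""
    return -(inner_len + PAD_LEN + NEXT_HDR) % block


def esp_tunnel_overhead(inner_len):
    """Octets added on the wire to one inner IP packet of inner_len octets."""
    return (OUTER_IP + SPI + SEQ + IV
            + esp_padding(inner_len) + PAD_LEN + NEXT_HDR + ICV)


def overhead_percent(inner_len):
    """Overhead relative to the original (inner) packet size."""
    return 100.0 * esp_tunnel_overhead(inner_len) / inner_len


if __name__ == "__main__":
    # Constructed sample sizes: TCP ACK, small UDP, classic 576, near-MTU.
    print(f"{'inner':>6} {'pad':>4} {'added':>6} {'outer':>6} {'overhead':>9}")
    for size in (40, 64, 576, 1400, 1500):
        added = esp_tunnel_overhead(size)
        print(f"{size:>6} {esp_padding(size):>4} {added:>6} "
              f"{size + added:>6} {overhead_percent(size):>8.1f}%")
```

The percentage depends heavily on packet size, so an "average" figure only makes sense against a known traffic mix.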