[vpn] Cisco IPSec DES Bandwidth Overhead
Joel M Snyder
Joel.Snyder at Opus1.COM
Thu Jun 20 01:53:59 EDT 2002
IPSEC adds between 50 and 57 octets of data to an IP packet for a normal
ESP+3DES+SHA tunnel. This is invariant of packet size, modulo the
8-octet padding boundary. The bandwidth increase is largely irrelevant.
What kills you is when large packets (1500 octets) must be fragmented
because the now-larger packet is too big for the MTU. This can double
your packet count: you end up with alternating large/small packets and
this plays havoc with the network. Networks operate poorly because they
have too many packets, not because they have too many bits.
Andre Venter wrote:
> Hi All,
> Can anybody tell me what the Bandwidth overhead is, as an average percentage, when using Cisco IPSec DES Encryption between two points.
> Any info would be appreciated,
> Kind Regards
> VPN is sponsored by SecurityFocus.com
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
jms at Opus1.COM http://www.opus1.com/jms Opus One
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2067 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20020619/a30e78ad/attachment.bin
More information about the VPN