[vpn] Cisco IPSec DES Bandwidth Overhead

Joel M Snyder Joel.Snyder at Opus1.COM
Thu Jun 20 01:53:59 EDT 2002


IPSEC adds between 50 and 57 octets of data to an IP packet for a normal
ESP+3DES+SHA tunnel.  This is invariant of packet size, modulo the
8-octet padding boundary.  The bandwidth increase is largely irrelevant.
 What kills you is when large packets (1500 octets) must be fragmented
because the now-larger packet is too big for the MTU.  This can double
your packet count: you end up with alternating large/small packets and
this plays havoc with the network.  Networks operate poorly because they
have too many packets, not because they have too many bits.

jms

Andre Venter wrote:
> 
> Hi All,
> 
> Can anybody tell me what the Bandwidth overhead is, as an average percentage, when using Cisco IPSec DES Encryption between two points.
> 
> Any info would be appreciated,
> 
> Kind Regards
> 
> Andre
> 
> VPN is sponsored by SecurityFocus.com

-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms at Opus1.COM    http://www.opus1.com/jms    Opus One
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2067 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20020619/a30e78ad/attachment.bin 


More information about the VPN mailing list