[vpn] Cisco IPSec DES Bandwidth Overhead
Joel M Snyder
Joel.Snyder at Opus1.COM
Thu Jun 20 10:13:28 EDT 2002
> 32 bytes for ESP with DES+MD5
No, definitely more than that. Here's the breakdown:
20 octets for the IP tunnel header.
4 for the SPI
4 for the sequence number
8 for the IV (DES/3DES are the same; 64-bit IV)
some amount of padding, which may be between 0 and 7 octets
1 octet for pad length
1 octet for next header
16 octets for the ICV (hash) (HMAC-SHA1-96 or HMAC-MD5-96 are the same)
So I was wrong: it's between 54 and 61.
I don't know where I came up with 50 to 57. Probably counted the IV as
4 instead of 8. It was late here...
jms
Christopher Gripp wrote:
>
> 32 bytes for ESP with DES+MD5
>
> -----Original Message-----
> From: Andre Venter [mailto:andrev at uunet.co.za]
> Sent: Wed 6/19/2002 10:17 PM
> To: vpn at securityfocus.com
> Cc:
> Subject: [vpn] Cisco IPSec DES Bandwidth Overhead
>
>
>
> Hi All,
>
> Can anybody tell me what the Bandwidth overhead is, as an average percentage, when using Cisco IPSec DES Encryption between two points.
>
> Any info would be appreciated,
>
> Kind Regards
>
> Andre
>
>
> VPN is sponsored by SecurityFocus.com
>
>
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
jms at Opus1.COM http://www.opus1.com/jms Opus One
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2067 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.shmoo.com/pipermail/vpn/attachments/20020620/0d825cd4/attachment.bin
More information about the VPN
mailing list