[vpn] Cisco IPSec DES Bandwidth Overhead
Christopher Gripp
cgripp at axcelerant.com
Thu Jun 20 12:30:53 EDT 2002
Thanks for the breakdown. It was my failure to reference a good source
of information.
FYI, the source was a Linux article;
http://www.linuxsecurity.com/feature_stories/yavipin-vpn.html
Christopher Gripp
Systems Engineer
Axcelerant
"A dead thing can go with the stream, but only a living thing can go
against it." G.K. Chesterton
> -----Original Message-----
> From: Joel M Snyder [mailto:Joel.Snyder at Opus1.COM]
> Sent: Thursday, June 20, 2002 7:13 AM
> To: Christopher Gripp
> Cc: Andre Venter; vpn at securityfocus.com
> Subject: Re: [vpn] Cisco IPSec DES Bandwidth Overhead
>
>
> > 32 bytes for ESP with DES+MD5
>
> No, definitely more than that. Here's the breakdown:
>
> 20 octets for the IP tunnel header.
> 4 for the SPI
> 4 for the sequence number
> 8 for the IV (DES/3DES are the same; 64-bit IV)
> some amount of padding, which may be between 0 and 7 octets
> 1 octet for pad length
> 1 octet for next header
> 16 octets for the ICV (hash) (HMAC-SHA1-96 or HMAC-MD5-96 are
> the same)
>
> So I was wrong: it's between 54 and 61.
>
> I don't know where I came up with 50 to 57. Probably counted
> the IV as
> 4 instead of 8. It was late here...
>
> jms
>
>
> Christopher Gripp wrote:
> >
> > 32 bytes for ESP with DES+MD5
> >
> > -----Original Message-----
> > From: Andre Venter [mailto:andrev at uunet.co.za]
> > Sent: Wed 6/19/2002 10:17 PM
> > To: vpn at securityfocus.com
> > Cc:
> > Subject: [vpn] Cisco IPSec DES Bandwidth Overhead
> >
> >
> >
> > Hi All,
> >
> > Can anybody tell me what the Bandwidth overhead is,
> as an average percentage, when using Cisco IPSec DES
> Encryption between two points.
> >
> > Any info would be appreciated,
> >
> > Kind Regards
> >
> > Andre
> >
> >
> > VPN is sponsored by SecurityFocus.com
> >
> >
>
> --
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
> jms at Opus1.COM http://www.opus1.com/jms Opus One
>
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list