[vpn] Cisco IPSec DES Bandwidth Overhead

Christopher Gripp cgripp at axcelerant.com
Thu Jun 20 12:30:53 EDT 2002 

Thanks for the breakdown.  It was my failure to reference a good source
of information.
FYI, the source was a Linux article;
http://www.linuxsecurity.com/feature_stories/yavipin-vpn.html



Christopher Gripp 
Systems Engineer 
Axcelerant

"A dead thing can go with the stream, but only a living thing can go
against it."  G.K. Chesterton

> -----Original Message-----
> From: Joel M Snyder [mailto:Joel.Snyder at Opus1.COM]
> Sent: Thursday, June 20, 2002 7:13 AM
> To: Christopher Gripp
> Cc: Andre Venter; vpn at securityfocus.com
> Subject: Re: [vpn] Cisco IPSec DES Bandwidth Overhead
> 
> 
> > 32 bytes for ESP with DES+MD5
> 
> No, definitely more than that.  Here's the breakdown:
> 
> 20 octets for the IP tunnel header.
> 4 for the SPI
> 4 for the sequence number
> 8 for the IV (DES/3DES are the same; 64-bit IV)
> some amount of padding, which may be between 0 and 7 octets
> 1 octet for pad length
> 1 octet for next header
> 16 octets for the ICV (hash) (HMAC-SHA1-96 or HMAC-MD5-96 are 
> the same)
> 
> So I was wrong: it's between 54 and 61.  
> 
> I don't know where I came up with 50 to 57.  Probably counted 
> the IV as
> 4 instead of 8.  It was late here... 
> 
> jms
> 
> 
> Christopher Gripp wrote:
> > 
> > 32 bytes for ESP with DES+MD5
> > 
> >         -----Original Message-----
> >         From: Andre Venter [mailto:andrev at uunet.co.za]
> >         Sent: Wed 6/19/2002 10:17 PM
> >         To: vpn at securityfocus.com
> >         Cc:
> >         Subject: [vpn] Cisco IPSec DES Bandwidth Overhead
> > 
> > 
> > 
> >         Hi All,
> > 
> >         Can anybody tell me what the Bandwidth overhead is, 
> as an average percentage, when using Cisco IPSec DES 
> Encryption between two points.
> > 
> >         Any info would be appreciated,
> > 
> >         Kind Regards
> > 
> >         Andre
> > 
> > 
> >         VPN is sponsored by SecurityFocus.com
> > 
> > 
> 
> -- 
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
> jms at Opus1.COM    http://www.opus1.com/jms    Opus One
> 

VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list