Perry, Danny is right on the performance hit its obvious. How much I think is a a good question. But when you get IPv6 with the present security just doing a authentication with MD5 and no key management. Expect a 50% peformance loss. If Danny's suggestion saves 10% then I think we should take it. /jim