[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bandwidth in the Internet

To: ipsec@TIS.COM
Subject: Re: bandwidth in the Internet
From: "C. Harald Koch" <chk@border.com>
Date: Tue, 10 Sep 1996 10:47:25 -0400
In-Reply-To: Your message of "Mon, 09 Sep 1996 19:15:23 -0400". <199609092315.QAA25197@puli.cisco.com>
Organization: Secure Computing Canada Ltd.
Phone: +1 416 368 7157
References: <199609092315.QAA25197@puli.cisco.com>
Sender: ipsec-approval@neptune.tis.com

Ok, let me rephrase my question.

How many places in the Internet is an extra 20-30 bytes of overhead *really*
a problem? We've already inflated packet sizes with IPv6, remember? How many
of these environments simply couldn't live with the extra overhead in
exchange for the security benefits?

Just for fun, Here is an example of packet overhead causing problems (cable
modems):

At least one cable modem I've heard about has 10Mbps in one direction, and
28.8Kbps in the backchannel.

Assuming 45 bytes/ACK (40 + ~5 for PPP), you can get a maximum of 80 ACK/sec
through the backchannel. This means 160 packets/sec in the forward direction
(TCP acks every second segment); this yields a maximum bandwidth usage of
1.92Mbps (using 1500 byte MTU). Only 1/5th the available bandwidth.

Increasing the ACK size to 65 bytes (20 for SKIP+ESP?) yields 660Kbps
throughput on the forward channel; even worse.

Are there others? I don't see a problem with 28.8, for example; usage is
highly asymmetric, and V.34 modems have much higher problems with internal
latency than we would be adding with IPsec overhead.

Any others?

-- 
Harald

Message-Id: <199609101531.LAA29366@jekyll.piermont.com>
To: Rich Skrenta <skrenta@osmosys.incog.com>
Cc: ipsec@TIS.COM
Subject: Re: Status of IPSEC Key Management 
In-Reply-To: Your message of "Mon, 09 Sep 1996 16:19:00 PDT."
Reply-To: perry@piermont.com
X-Reposting-Policy: redistribute only with permission
Date: Tue, 10 Sep 1996 11:31:44 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

Rich Skrenta writes:
> We've talked about possible optimizations and header compression schemes,
> but haven't yet pursued these ideas, mostly because the size of SKIP
> packets hasn't been an issue in our actual deployments.  Compared with
> other impacts on total performance (such as the speed of Triple DES in
> software), a few extra bytes in each packet are not noticed.

That is comparing apples and oranges. Almost any machine can keep up
with the speed needed to run 3DES at 28.8, so at dialup speeds the
overhead there is ignorable -- on the other hand, extra overhead on a
dialup line slows your real performance considerably, and it is true
that most of the world still is on dialup modems.

Perry

Follow-Ups:

Re: bandwidth in the Internet

From: Norman Shulman <norm@border.com>

Re: bandwidth in the Internet

From: Phil Karn <karn@qualcomm.com>

Prev by Date: Re: bandwidth in the Internet
Next by Date: Re: Status of IPSEC Key Management
Prev by thread: Re: bandwidth in the Internet
Next by thread: Re: bandwidth in the Internet
Index(es):
- Main
- Thread