
ISAKMP performance numbers



With the discussion some time back on ISAKMP performance, I approached one
of the vendors that I knew was shipping a product with ISAKMP.  RedCreek's
product uses DSS sig, not RSA so some of the numbers MIGHT be different.

From: Cary Hayward <caryh@best.com>
To: "'rgm3@chrysler.com'" <rgm3@chrysler.com>
Subject: RE: RedCreek Performance Answer
Date: Mon, 4 Aug 1997 17:15:53 -0700

Bob:  Yes this is publishable on the IPSec list.  Answers on performance
interspersed below.

Cary
caryh@redcreek.com

----------
From: 	Robert Moskowitz[SMTP:rgm3@chrysler.com]
Sent: 	Friday, August 01, 1997 5:10 AM
To: 	Cary Hayward
Subject: 	Re: RedCreek Performance Answer

At 06:13 PM 7/31/97 -0700, Cary Hayward wrote:

Thanks Cary.  Is this publishable on the IPsec list?

>Cary:  Getting back to you on the performance question.  Here are the
results:  1.5-2 seconds to build a secure association between two IPSec
gateways, this includes standard network latencies.  The gateways have 32 bit 

>Bob: Since there are network latencies included here, a number of SA setups
could be going on in parallel.  10 simultaneous SAs will not take 150 sec,
rather what?  60sec?

>Cary: Our first set of answers was based on our experience between two
Ravlin 10's.  As you might imagine it is hard to test large numbers of
simultaneous key exchanges, but we feel your suppositions are correct.  With
small numbers of simultaneous SAs, we have found the SA setup times to
be non-linear; therefore, 75 seconds may be a solid discussion number in
this scenario.  The obvious reasons for the non-linearity are network
latencies and the fact that with a test of two gateways, each gateway would
be idle (not performing public key operations) for over 50% of the time.

>Cary: RISC processors rated at 30 MIPS.  By comparison, a Pentium-166
would be
approximately 10 times faster.  Each SA set-up includes:
>
>Cary: Two 1024-bit DSS signature generations,
>Cary: Four 1024-bit DSS signature verifies,
>Cary: and four DH exponentiations for a total of fourteen 1024-bit
exponentiations

>Bob: Would RSA be faster or slower?  What about Elliptic Curves instead of DH?

>Cary: We think that RSA would essentially be the same as DH.  This is
because RSA uses the exponential value of 0x3 or 0x10001 for encryption, it
will operate significantly faster than generalized DH.  RSA decryption
performance, however, would essentially be the same as DH.  The result is
that if you add in all the real overhead, (e.g. hashing, X.509 cert
processing, random number generation, etc.) RSA based solutions would be
about 50% to 70% faster than DH of equal modulus length.  That said, we
feel that with more optimization, DH can approach RSA in terms of performance.

>Cary: We cannot comment on actual performance numbers for elliptic curves
without further study, will report in after we take a look.


Robert Moskowitz
Chrysler Corporation
(810) 758-8212
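
An added illustration of the exponentiation arithmetic discussed in the message above (not code from RedCreek or from either correspondent): it counts modular multiplications in plain square-and-multiply for the RSA public exponents 0x3 and 0x10001 versus longer exponents, and tallies the fourteen exponentiations per SA setup. Assumptions: the modulus, base and long exponents are constructed random values rather than real keys, the 160-bit exponent size for 1024-bit DSS and the per-operation costs (one modexp per DSS signature, two per verify) are the usual DSA accounting, and all function names are hypothetical.

```python
import random

def modexp_count(base, exp, mod):
    """Left-to-right square-and-multiply.
    Returns (result, modular multiplications performed, squarings included)."""
    if exp < 1:
        raise ValueError("exponent must be positive")
    result, ops = base % mod, 0
    for bit in bin(exp)[3:]:              # bits after the leading 1
        result = result * result % mod    # one squaring per remaining bit
        ops += 1
        if bit == "1":                    # extra multiply for every set bit
            result = result * base % mod
            ops += 1
    return result, ops

def sa_setup_exponentiations(sign=2, verify=4, dh=4):
    """Operation counts come from the message; the per-operation costs are an
    assumption (usual DSA accounting): sign = 1 modexp, verify = 2, DH = 1."""
    return sign * 1 + verify * 2 + dh * 1

def compare_exponents(seed=1997):
    rng = random.Random(seed)                       # constructed, reproducible inputs
    mod = rng.getrandbits(1024) | (1 << 1023) | 1   # constructed 1024-bit odd modulus, not a real key
    base = rng.getrandbits(1000)
    exps = {
        "rsa_e_3": 3,
        "rsa_e_0x10001": 0x10001,
        "dss_160_bit": rng.getrandbits(160) | (1 << 159),
        "full_1024_bit": rng.getrandbits(1024) | (1 << 1023),
    }
    costs = {}
    for name, e in exps.items():
        value, ops = modexp_count(base, e, mod)
        assert value == pow(base, e, mod)           # cross-check against the built-in
        costs[name] = ops
    return costs

if __name__ == "__main__":
    print("modexps per SA setup:", sa_setup_exponentiations())
    for name, ops in compare_exponents().items():
        print(f"{name:>14}: {ops} modular multiplications")
```

The counts cover multiplications only; they do not model the hashing, certificate processing or random number generation overhead mentioned in the message, so they do not reproduce its 50% to 70% figure.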