RE: ipsec NICs?

["Elzur, Uri" <uri.elzur@intel.com>]

Several examples might be Enterprise LAN with 100Mbs (and more in the
future), Servers with 100/1G or backbone resident devices. Pls note that
when a CPU is overloaded with Enc/Dec or Auth that overcome its power, it
will not only neglect other application but might also bring the network
connection to a grinding slow speeds.

thx

Uri Elzur
uri.elzur@intel.com                   



-----Original Message-----
From: Henry Spencer [mailto:henry@spsystems.net]
Sent: Monday, March 06, 2000 3:05 PM
To: Michael Helm
Cc: ipsec@lists.tislabs.com
Subject: Re: ipsec NICs?


On Sun, 5 Mar 2000, Michael Helm wrote:
> Is there anyone keeping track of vendors' ipsec-friendly
> NICs & other networking cards? ... think it's necessary to put
> at least some crypto support for this set of standards
> on the hardware in order for it to be practical on a wide
> scale.

Why?  The commodity processors (200MHz Pentiums and the like) currently
being *thrown out* in favor of newer ones will do IPSEC using 3DES -- a
software-unfriendly algorithm if there ever was one -- and MD5 at several
megabits per second.  (I'm talking about measured end-to-end data rates
with real protocols, mind you, not theoretical calculations.)  High-end
consumer-market processors with software-optimized algorithms should take 
this up into the T3 range.

These standards are practical on cheap, commodity computers right now.
Only people with very fat pipes have a real need for crypto hardware.

                                                          Henry Spencer
                                                       henry@spsystems.net

---

Follow-Ups:

• RE: ipsec NICs?
• From: Michael Thomas <mat@cisco.com>

---

• Prev by Date: Re: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?
• Next by Date: RE: ipsec NICs?
• Prev by thread: Re: ipsec NICs?
• Next by thread: RE: ipsec NICs?
• Index(es):
  • Main
  • Thread