[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSec performance statistics

To: "'Kopeikin, Roy A (Roy)'" <rkopeikin@lucent.com>, Marc Solsona-Palomar <marc@iprg.nokia.com>
Subject: RE: IPSec performance statistics
From: Michael Choung Shieh <mshieh@netscreen.com>
Date: Tue, 31 Jul 2001 10:18:18 -0700
Cc: Parijat Mishra <parijat@cwc.nus.edu.sg>, awank@future.futsoft.com, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com


The performance lost of ipsec processing depends on the architecture of the
design and the size of packets.  Some vendors can achieve wire-speed while
the others only improve a little even with hardware acceleration.  It's also
easier to boost the performance for large size packets(1500bytes) than small
size (64bytes).

Hardware accelaration does reduce the difference of processing time between
encryption algorithms. The differences between DES and 3DES processing may
be less than 10%.  

I would say the performance really depends on the gateway you used.  There
are many reports and comparisons out there.

--------------------------------------------
Michael Shieh
NetScreen Technologies, Inc
350 Oakmead Parkway
Sunnyvale, CA 94085
TEL: (408)730-6060
FAX: (408)730-6050
Email:  mshieh@netscreen.com
--------------------------------------------

-----Original Message-----
From: Kopeikin, Roy A (Roy) [mailto:rkopeikin@lucent.com]
Sent: Tuesday, July 31, 2001 9:26 AM
To: Marc Solsona-Palomar
Cc: Parijat Mishra; awank@future.futsoft.com; ipsec@lists.tislabs.com
Subject: RE: IPSec performance statistics


Marc,
Do you think these cycles lost can bd quantified into performanc statistics?
roy

-----Original Message-----
From: Marc Solsona-Palomar [mailto:marc@iprg.nokia.com]
Sent: Tuesday, July 31, 2001 4:22 AM
To: Kopeikin, Roy A (Roy)
Cc: Parijat Mishra; awank@future.futsoft.com; ipsec@lists.tislabs.com
Subject: Re: IPSec performance statistics


IPsec processing implies an overhead. Even the fact to send the packet
somewhere else (like to an accelerator card) means cycles lost. What an
accelerator will provide is more unified results across different algorithms
as the chips have been optimized for this type of processing.

marc

"Kopeikin, Roy A (Roy)" wrote:

> Correct me if I'm wrong but I think this is a non-issue for corporate VPNs
> since accelerator boards are typically integrated to handle the encryption
> and decryption functions. It is unacceptable for VPNs to degrade
> router/internework performance.
> Roy
>
> -----Original Message-----
> From: Parijat Mishra [mailto:mishrap@cwc.nus.edu.sg]
> Sent: Monday, July 30, 2001 9:26 PM
> To: awank@future.futsoft.com; ipsec@lists.tislabs.com
> Subject: Re: IPSec performance statistics
>
> There will be lots of statistics, but they'll depend on the machines
> used, and the packet size. However, my observation is that with
> ESP-3DES, the time taken to process packets is almost doubled.
>
> It should be easy to run performance tests for your own setup.
>
> Parijat
> ----- Original Message -----
> From: "Awan Kumar" <awank@future.futsoft.com>
> To: <ipsec@lists.tislabs.com>
> Sent: Monday, July 30, 2001 12:26 PM
> Subject: IPSec performance statistics
>
> | Hi,
> |   Can anybody provide some statistics on the percentage of change in
> | performance (throughtput) due to the inclusion of IPsec in the IP
> stack. Are
> | there any statistics available which shows the reduction in
> performance due
> | to the use of DES or 3DES for ESP.
> |
> | Thanks in advance.
> |
> | Regards,
> | Awan
> |
> | ----------------------------
> | Awan Kumar Sharma
> | Sr. Software Engg.,
> | Future Software Ltd.,
> | Chennai, India.
> | Ph: 4330 550 Extn: 437
> |   (www.futsoft.com)
> | ------------------------------
> |
> |

Prev by Date: RE: IPSec performance statistics
Next by Date: Re: [Design] A hardware acceleration project for FreeS/WAN
Prev by thread: RE: IPSec performance statistics
Next by thread: IPsec Bakeoff in Finland
Index(es):
- Main
- Thread