
Re: IPSec performance statistics



I don't have any numbers available but from the top of my head I can see
three elements that will determine the accelerator overhead:

    - Compiler
    - System architecture
    - Memory access implementation.

I understand that some of these elements can be minimized but that will
be the case of a typical accelerator. I believe all those could be
quantified. There is a lot more to be done when IPsec is in place than
just route the packet, and keeping up with wire speed becomes a bigger
challenge. I agree that the goal is to provide wirespeed for secure
connections and I think everybody is working on it. Right?

marc.

"Kopeikin, Roy A (Roy)" wrote:

> Marc,
> Do you think these cycles lost can be quantified into performance
> statistics?
> roy
>
> -----Original Message-----
> From: Marc Solsona-Palomar [mailto:marc@iprg.nokia.com]
> Sent: Tuesday, July 31, 2001 4:22 AM
> To: Kopeikin, Roy A (Roy)
> Cc: Parijat Mishra; awank@future.futsoft.com; ipsec@lists.tislabs.com
> Subject: Re: IPSec performance statistics
>
> IPsec processing implies an overhead. Even the fact to send the packet
> somewhere else (like to an accelerator card) means cycles lost. What an
> accelerator will provide is more unified results across different
> algorithms as the chips have been optimized for this type of processing.
>
> marc
>
> "Kopeikin, Roy A (Roy)" wrote:
>
> > Correct me if I'm wrong but I think this is a non-issue for corporate
> > VPNs since accelerator boards are typically integrated to handle the
> > encryption and decryption functions. It is unacceptable for VPNs to
> > degrade router/internetwork performance.
> > Roy
> >
> > -----Original Message-----
> > From: Parijat Mishra [mailto:mishrap@cwc.nus.edu.sg]
> > Sent: Monday, July 30, 2001 9:26 PM
> > To: awank@future.futsoft.com; ipsec@lists.tislabs.com
> > Subject: Re: IPSec performance statistics
> >
> > There will be lots of statistics, but they'll depend on the machines
> > used, and the packet size. However, my observation is that with
> > ESP-3DES, the time taken to process packets is almost doubled.
> >
> > It should be easy to run performance tests for your own setup.
> >
> > Parijat
> > ----- Original Message -----
> > From: "Awan Kumar" <awank@future.futsoft.com>
> > To: <ipsec@lists.tislabs.com>
> > Sent: Monday, July 30, 2001 12:26 PM
> > Subject: IPSec performance statistics
> >
> > | Hi,
> > |   Can anybody provide some statistics on the percentage of change in
> > | performance (throughput) due to the inclusion of IPsec in the IP
> > | stack. Are there any statistics available which show the reduction
> > | in performance due to the use of DES or 3DES for ESP.
> > |
> > | Thanks in advance.
> > |
> > | Regards,
> > | Awan
> > |
> > | ----------------------------
> > | Awan Kumar Sharma
> > | Sr. Software Engg.,
> > | Future Software Ltd.,
> > | Chennai, India.
> > | Ph: 4330 550 Extn: 437
> > |   (www.futsoft.com)
> > | ------------------------------
> > |
> > |