[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec performance statistics

To: Alex Alten <Alten@home.com>
Subject: Re: IPSec performance statistics
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
Date: Thu, 02 Aug 2001 16:09:42 -0400
cc: "David Carman" <dcarman@hw.midatlanticexpress.com>, ipsec@lists.tislabs.com, David_Carman@nai.com
In-reply-to: Your message of "Thu, 02 Aug 2001 12:06:38 PDT." <3.0.3.32.20010802120638.00e22c70@mail>
Reply-to: sommerfeld@East.Sun.COM
Sender: owner-ipsec@lists.tislabs.com

> Does anyone have metrics for SA setup costs, with and without IKE?
> I've seen claims of about 1 setup (w/out IKE?) per second in
> hardware.

That's really kind of pessimistic.  

I'm reluctant to quote exact numbers on a product not yet shipping,
but the IPsec/IKE product I'm currently working on, running without
any specialized hardware, does considerably better than that when the
peers are "close" as the packet flies..

I can readily believe 1 second setup time *including* the IKE exchange
when the round trip time between peers is in the 100-200ms range.

Main mode + quick mode + first-user-traffic winds up being about 5
round trips, so network latency winds up being a dominant factor in
how long it takes to get things flowing..

						- Bill

Follow-Ups:

Re: IPSec performance statistics

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:

RE: IPSec performance statistics

From: Alex Alten <Alten@home.com>

Prev by Date: RE: IPSec performance statistics
Next by Date: Re: IPSec performance statistics
Prev by thread: RE: IPSec performance statistics
Next by thread: Re: IPSec performance statistics
Index(es):
- Main
- Thread