
Re: IPSec still too slow?
In message <3.0.3.32.20011005161540.00b82d40@mail>, Alex Alten writes:
>Dr. John Ioannidis,
>
>I have a great deal of respect for your contributions to the Internet
>community.  This kind of nasty response greatly surprises me and indicates
>to me that the problems with IPSec are very serious.  I did not take these
>numbers at face value.  That is why I requested confirmation.  However,
>the fact of the matter is, IPSec will always be at least 10x behind the
>communications price/performance curve.  You, of all people, know that.
>And you know that fact will eventually kill off IPSec.

Fortunately, some people factor *security* in their price/performance curve.
Sure, if you want the highest possible throughput AND you're not worried about
attacks on your communication links, you don't need IPsec (or any other security
protocol).

If you *are* worried about the security of your traffic, your curve is no longer
the same.

That said: I can easily achieve more than 200 Mbit/sec throughput (on a Gbit
ethernet; on a 100Mbit, I simply saturate it) with a $300 PCI crypto
accelerator on OpenBSD. There are ethernet/IPsec combo cards (I know of at
least one, with another one possibly under development) that can easily handle
100Mbit full duplex. And these leave the host machine (server) virtually idle.

As to the magic number of 6 SAs, I can't figure out why that is so; most crypto
cards either have enough memory for over 100 SAs, or don't need to cache
key context (the 200Mbit/s card is one of the latter). For those that do need
key context kept on the card, it's just a matter of more memory --- hardly an
architectural problem with IPsec.

The more important problems are elsewhere: how much state does a server need to
keep per SA (busy web servers might be overwhelmed this way); and how many
public key operations are needed per SA (this is a function of certificates).
Some public key crypto accelerators claim to achieve close to 1000 RSA
sign/verify cycles/second --- somewhat less if one adds a DH exchange; I haven't
personally measured this, but I expect the real performance to be close to
the marketing performance :-)

Finally, as others pointed out, there's nothing inherent in IPsec that makes it
slower compared to other security protocols. Crypto is just slow.

Before posting random-looking numbers on a technical mailing list, it's good
to consider what the numbers mean. That was JI's point, even if he put it a
bit forcefully :-)
-Angelos