
RE: Do we actually need dynamic ports?



Michael Choung Shieh writes:
> Doing extra IKE to create a new sa DURING application will introduce extra
> latency and it may cause packet drop or retransmit.  It's probably not

Yes, it requires about one round trip latency. You send an IKE QM packet
out, and get a reply to it. The crypto processing for both packets is
simply symmetric decrypt/encrypt and a little bit of hashing.

> preferred if every FTP put/get will delay one or two seconds when passing
> through IKE.

If you are doing that over a satellite link then it will be one or two
seconds (actually two seconds requires more than one satellite link).
If you are doing it over the normal internet it requires about 10-300 ms
(to www.cisco.com from Finland it seems to be about 192 ms now).
-- 
kivinen@ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/