Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
0
Helpful
1
Replies

IPSEC 3Des Bandwidth Utilization

Go to solution
EPHRAIM MANI
Level 3
Level 3

‎07-22-2005 05:39 PM - edited ‎02-21-2020 01:52 PM

I have 2mbps link we want to enable ipsec 3des on the same if say my 50% of the link is utilized at the given time and if i enable ipsec 3des what is the bandwith utilzed after enabling the ipsec.

3662 w/AIM-VPN/HPII--2mbps link---3662 w/AIM-VPN/HPII

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ehirsel
Level 6
Level 6

‎07-23-2005 05:38 PM

The answer depends upon whether you will use 3des to encrypt new traffic that currently does not flow over your existing link, such as bringing up a new remote site location. If the encrypted traffic is new, that is something additional that does not affect current flow, then you will need to analyze the traffic pattern.

I believe that IPsec will add approx. 50 to 80 bytes to each packet, depending upon whether ah will be used as well as esp, if GRE will be used, and if tunnel mode (new ip headers) will be used too. (Add 24 bytes for AH, 24 bytes for GRE, and 20 bytes for new IP header).

If the IPSec vpn will only be used for existing traffic flows, instead of new ones, the link util should not increase that much; it is CPU intensive more than bandwidth, and I see that you have offloading encrypt cards.

Let me know if you need anything else.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
ehirsel
Level 6
Level 6

‎07-23-2005 05:38 PM

The answer depends upon whether you will use 3des to encrypt new traffic that currently does not flow over your existing link, such as bringing up a new remote site location. If the encrypted traffic is new, that is something additional that does not affect current flow, then you will need to analyze the traffic pattern.

I believe that IPsec will add approx. 50 to 80 bytes to each packet, depending upon whether ah will be used as well as esp, if GRE will be used, and if tunnel mode (new ip headers) will be used too. (Add 24 bytes for AH, 24 bytes for GRE, and 20 bytes for new IP header).

If the IPSec vpn will only be used for existing traffic flows, instead of new ones, the link util should not increase that much; it is CPU intensive more than bandwidth, and I see that you have offloading encrypt cards.

Let me know if you need anything else.

0 Helpful
Customers Also Viewed These Support Documents