2017/01/26

IPSec Bandwidth Overhead Using AES

For data payloads in excess of the common TCP payload maximum segment size (the MSS) of 1460 Bytes, the IPSec bandwidth overhead using AES is approximately 9.32%. This equates to an ‘efficiency’ of 91.48% (1460/1596) – in other words, that’s how much bandwidth is left for actual data if you’re putting as much data in each packet as possible. Note however that as this packet size is larger than the typical IP (and Ethernet) MTU, it’s very unlikely that you’ll achieve this level of efficiency. As noted in the comments, the ideal MSS appears to be 1328 when using ESP.

Keep in mind that for very small data payloads (common with applications such as Telnet, TN3270 mainframe emulation and SSH) the IPSec bandwidth overhead can as high as 12,300%.

If you add TCP/IP and Ethernet (and VLAN tagging) into the mix (see the calculations from Wikipedia here) then the throughput of a 100Mb link is 100 x 0.92.64 (IPSec+AES efficiency) x 0.9733 (TCP/IP efficiency) x 0.9728 (Ethernet (with tagging) efficiency) which equals 87.71Mbps, a combined efficiency of 87.71%. assuming ideal conditions.

Link: IPSec Bandwidth Overhead Using AES

Комментариев нет:

Ярлыки

perl (30) infosec (26) links (20) freebsd (16) url (15) ipv6 (13) zabbix (13) linux (11) mojo (10) monitoring (10) snmp (10) asterisk (9) fun (8) security (7) bgbilling (6) cisco (6) mysql (6) blogs (5) ubuntu (5) crypto (4) dlink (4) exploits (4) ipv4 (4) law (4) mikrotik (4) mojolicious (4) openssl (4) postfix (4) radio (4) tools (4) utf-8 (4) windows (4) android (3) apache (3) books (3) debug (3) dns (3) hp (3) java (3) js (3) json (3) latex (3) oracle (3) performance (3) rhel (3) ripe ncc (3) syslog (3) ubnt (3) vim (3) agi (2) atlassian (2) backup (2) bgp (2) centos (2) console (2) cpan (2) cpanmin (2) css (2) ctf (2) edge-core (2) editors (2) elasticsearch (2) git (2) gns3 (2) google (2) graphite (2) hack (2) hdd (2) hyper-v (2) isp (2) kannel (2) mac (2) management (2) mibs (2) microsoft (2) movie (2) msa (2) ntp (2) pentest (2) puppet (2) qa tests (2) quotes (2) reverse engeenering (2) shell (2) smpp (2) social engineering (2) ssl (2) statistic (2) storage (2) switches (2) tcp/ip (2) tex (2) usb (2) vm (2) vmware (2) websec (2) xsrf (2) yandex (2) ПДн (2) электронное правительство (2) Xorg (1) amavis (1) amazon s3 (1) analyze (1) anonymous (1) applications (1) as (1) ascii (1) autofs (1) balancer (1) bandwidth (1) bem (1) bind (1) bl (1) chef (1) chief (1) cluster (1) cnupm (1) cnupmsave (1) confluence (1) cpu (1) cvs (1) dbi (1) ddos (1) devices (1) dhcp (1) dht (1) diet (1) diskarray (1) docker (1) dummynet (1) dynax60 (1) epub (1) equipment (1) esx (1) fax (1) firmware (1) fitness (1) form (1) fs (1) fsb (1) ftp (1) golf (1) gprs (1) graphics (1) gsm (1) honeypot (1) html (1) iops (1) ios (1) ipn (1) ipsec (1) iptv (1) iso (1) itil (1) itsm (1) jabber (1) jira (1) joke (1) jsonp (1) logstash (1) mem (1) metasploit (1) microscope (1) mindmap (1) mobile (1) modem (1) mp3 (1) music (1) nano (1) nas (1) noc (1) ocfs2 (1) ocs2 (1) openbsd (1) openfire (1) oscm (1) ospf (1) packet tracer (1) parsing (1) pass-the-hash (1) pgu.mos.ru (1) phd (1) php (1) poe (1) ports (1) postfixadmin (1) ppp (1) profiler (1) protobuf (1) radmin (1) raid (1) repo (1) rest (1) riemann (1) rrd (1) rs-232 (1) rss (1) rtp (1) ruby (1) scanners (1) serialization (1) sip (1) skype (1) sms (1) snmptranslate (1) soap (1) spam (1) spamcop (1) spf (1) sql (1) ssrf (1) standarts (1) sudoers (1) svn (1) syslog-ng (1) tde200 (1) tftp (1) tomcat (1) tuning (1) uce (1) underground (1) ups (1) video (1) voip (1) vpn (1) wds (1) web (1) websockets (1) wireless (1) x-plane (1) xml (1) xss (1) верстка (1) гибдд (1) гипервизоры (1) здоровье (1) панчеры (1)

Subscribe in a reader

Web Analytics