02-22-2007 04:36 PM - edited 03-03-2019 03:53 PM
Hi,
I would like to know the amount of overhead and throughput consumption that a site-to-site IPSec tunnel would create on WAN links, especially the ones with low throughputs like 128 kbps? So, in such link provided that the classification of my data is confidential, is it recommended to implement VPN tunnel and is their any disadvantage from doing so?
Regards,
Haitham
02-22-2007 08:42 PM
IPsec can impose high CPU overhead on VPN gateways (due to the processing necessary for packet encryption/decryption and authentication). High CPU overhead can be alleviated by using hardware accelerators (this is often a good idea in live deployments, especially on hub-site routers).
IPsec also impose bandwidth overhead. see this link http://articles.techrepublic.com.com/5100-1035_11-6159446-3.html
02-23-2007 06:46 AM
Can you please provide more info on such hardware accelerators? Does Cisco have any similar solutions?
Regards,
Haitham
02-23-2007 06:48 AM
Yes, Cisco have VPN accelerator to take care of IPSEC VPN packets so as not to stress the CPU. LEt me know your device model
Heres the VPN module for some router model http://www.cisco.com/en/US/products/ps6635/products_qanda_item0900aecd80516d81.shtml
02-23-2007 10:33 AM
You are right, this module enhances the router performance by offloading the VPN to the HW module but it still won't reduce the IPSec overhead over the link! So, in this case the BW consumption won't be reduced!
Please advise!
Regards,
Haitham
02-23-2007 04:10 PM
Nope, it won't be reduced. Well, there is always a "trade off" whenever one implements security :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: