IPSec Traffic Overhead over WAN

Unanswered Question
Feb 22nd, 2007


I would like to know the amount of overhead and throughput consumption that a site-to-site IPSec tunnel would create on WAN links, especially the ones with low throughputs like 128 kbps? So, in such link provided that the classification of my data is confidential, is it recommended to implement VPN tunnel and is their any disadvantage from doing so?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Danilo Dy Thu, 02/22/2007 - 20:42

IPsec can impose high CPU overhead on VPN gateways (due to the processing necessary for packet encryption/decryption and authentication). High CPU overhead can be alleviated by using hardware accelerators (this is often a good idea in live deployments, especially on hub-site routers).

IPsec also impose bandwidth overhead. see this link http://articles.techrepublic.com.com/5100-1035_11-6159446-3.html

haithamnofal Fri, 02/23/2007 - 06:46

Can you please provide more info on such hardware accelerators? Does Cisco have any similar solutions?



haithamnofal Fri, 02/23/2007 - 10:33

You are right, this module enhances the router performance by offloading the VPN to the HW module but it still won't reduce the IPSec overhead over the link! So, in this case the BW consumption won't be reduced!

Please advise!



Danilo Dy Fri, 02/23/2007 - 16:10

Nope, it won't be reduced. Well, there is always a "trade off" whenever one implements security :)


This Discussion