IPSec Overheads

Answered Question
Jul 27th, 2008
User Badges:

Hi,


Can anyone tell me what sort of overhead 3DES (ESP) puts on an IP packet?


From memory, theres 50-73 additional bytes and I recall that it must be in increments of 8 but I dont understand the huge variation (50-73).


Can I accurately calculate the overhead of 3des over IP?


Regards

Scott

Correct Answer by a.alekseev about 9 years 1 day ago

The overhead depends on the transform set.


for esp-3des esp-md5-hmac, esp-des esp-md5-hmac, esp-3des esp-sha-hmac, esp-des esp-sha-hmac the overhed will be 50-57bytes


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
a.alekseev Mon, 07/28/2008 - 04:52
User Badges:
  • Gold, 750 points or more

The overhead depends on the transform set.


for esp-3des esp-md5-hmac, esp-des esp-md5-hmac, esp-3des esp-sha-hmac, esp-des esp-sha-hmac the overhed will be 50-57bytes


Scott Cannon Mon, 07/28/2008 - 15:32
User Badges:

Thanks for your help.


Is there a matrix or other document somewhere I can reference to determine the overheads for the various transform sets?


Ie. You didnt mention AES encryption, or the AH protocol (probably because no one uses it, but still...)

a.alekseev Wed, 07/30/2008 - 00:38
User Badges:
  • Gold, 750 points or more

for AES (esp-aes esp-md5-hmac) 58-73bytes

fot DES,3DES (ah-des esp-md5-hmac) 62-69bytes


Christian Chautems Thu, 10/23/2008 - 06:43
User Badges:

Hello,


I have received un updated version of the "IPSec Packet Size Calculator" from the original author which include AES encryption.


I have added back the NAT-T calculation and in addition the overhead when using GRE Tunnel Key.


Both the new original and my new version are attached to this post.


Regards and good work with IPSec



mlenco Fri, 10/31/2008 - 12:24
User Badges:

That is a great packet size calculator. However, it doesn't take ESP AES into consideration. If IOS-DES/3DES is 8 byte, ESP-DES/3DES is 2 byte then what would AES add to the mix?

Actions

This Discussion