IPSec Overheads

Answered Question
Jul 27th, 2008

Hi,


Can anyone tell me what sort of overhead 3DES (ESP) puts on an IP packet?


From memory, theres 50-73 additional bytes and I recall that it must be in increments of 8 but I dont understand the huge variation (50-73).


Can I accurately calculate the overhead of 3des over IP?


Regards

Scott

Correct Answer by a.alekseev about 8 years 7 months ago

The overhead depends on the transform set.


for esp-3des esp-md5-hmac, esp-des esp-md5-hmac, esp-3des esp-sha-hmac, esp-des esp-sha-hmac the overhed will be 50-57bytes


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
a.alekseev Mon, 07/28/2008 - 04:52

The overhead depends on the transform set.


for esp-3des esp-md5-hmac, esp-des esp-md5-hmac, esp-3des esp-sha-hmac, esp-des esp-sha-hmac the overhed will be 50-57bytes


Scott Cannon Mon, 07/28/2008 - 15:32

Thanks for your help.


Is there a matrix or other document somewhere I can reference to determine the overheads for the various transform sets?


Ie. You didnt mention AES encryption, or the AH protocol (probably because no one uses it, but still...)

a.alekseev Wed, 07/30/2008 - 00:38

for AES (esp-aes esp-md5-hmac) 58-73bytes

fot DES,3DES (ah-des esp-md5-hmac) 62-69bytes


Christian Chautems Thu, 10/23/2008 - 06:43

Hello,


I have received un updated version of the "IPSec Packet Size Calculator" from the original author which include AES encryption.


I have added back the NAT-T calculation and in addition the overhead when using GRE Tunnel Key.


Both the new original and my new version are attached to this post.


Regards and good work with IPSec



mlenco Fri, 10/31/2008 - 12:24

That is a great packet size calculator. However, it doesn't take ESP AES into consideration. If IOS-DES/3DES is 8 byte, ESP-DES/3DES is 2 byte then what would AES add to the mix?

Actions

This Discussion