cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3206
Views
10
Helpful
7
Replies

IPSec Overheads

Scott Cannon
Level 1
Level 1

Hi,

Can anyone tell me what sort of overhead 3DES (ESP) puts on an IP packet?

From memory, theres 50-73 additional bytes and I recall that it must be in increments of 8 but I dont understand the huge variation (50-73).

Can I accurately calculate the overhead of 3des over IP?

Regards

Scott

1 Accepted Solution

Accepted Solutions

a.alekseev
Level 7
Level 7

The overhead depends on the transform set.

for esp-3des esp-md5-hmac, esp-des esp-md5-hmac, esp-3des esp-sha-hmac, esp-des esp-sha-hmac the overhed will be 50-57bytes

View solution in original post

7 Replies 7

a.alekseev
Level 7
Level 7

The overhead depends on the transform set.

for esp-3des esp-md5-hmac, esp-des esp-md5-hmac, esp-3des esp-sha-hmac, esp-des esp-sha-hmac the overhed will be 50-57bytes

Thanks for your help.

Is there a matrix or other document somewhere I can reference to determine the overheads for the various transform sets?

Ie. You didnt mention AES encryption, or the AH protocol (probably because no one uses it, but still...)

for AES (esp-aes esp-md5-hmac) 58-73bytes

fot DES,3DES (ah-des esp-md5-hmac) 62-69bytes

There is an updated version of this tool available here:

 

IPSec Overhead Calculator

 

-Jay Young

Hello,

I have found in the past a HTML page which calculate IPSec packet size depending of the transform set used. I have added the NAT-T overhead.

It is attached to this reply.

At this time it does not include AES.

Hello,

I have received un updated version of the "IPSec Packet Size Calculator" from the original author which include AES encryption.

I have added back the NAT-T calculation and in addition the overhead when using GRE Tunnel Key.

Both the new original and my new version are attached to this post.

Regards and good work with IPSec

mlenco
Level 1
Level 1

That is a great packet size calculator. However, it doesn't take ESP AES into consideration. If IOS-DES/3DES is 8 byte, ESP-DES/3DES is 2 byte then what would AES add to the mix?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: