Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1120
Views
0
Helpful
2
Replies

Performance IPSec vs. MPLS

Go to solution
news2010a
Level 3
Level 3

‎09-25-2008 12:14 PM - edited ‎03-03-2019 11:41 PM

Imagine user in San Francisco connects to New York via IPsec tunnel (Internet):

a) If I go via a MPLS network instead, is the latency about the same than the IPSec?

b) How about average performance? How many % performance decrease in applications should I consider when compared to MPLS given the encryption demanded by the IPsec tunnel?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-25-2008 12:19 PM

Marlon

This is a difficult question to answer precisely. What can be said is that there are no preformance guarantees on the Internet whereas with MPLS you will have some sort of SLA's with your service provider.

Other thing to bear in mind when comparing MPLS to Internet is availability.

As for performance, there will always be an additional overhead when using IPSEC but it can be somewhat alleviated by having a dedicated hardware module for the VPN encryption/decryption.

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎09-25-2008 12:19 PM

Marlon

This is a difficult question to answer precisely. What can be said is that there are no preformance guarantees on the Internet whereas with MPLS you will have some sort of SLA's with your service provider.

Other thing to bear in mind when comparing MPLS to Internet is availability.

As for performance, there will always be an additional overhead when using IPSEC but it can be somewhat alleviated by having a dedicated hardware module for the VPN encryption/decryption.

Jon

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-28-2008 12:15 PM

As Jon notes, this is difficult because in any one instance, one might be better than the other.

In general, IPSec will add some latency for actual encryption and decryption, but with hardware it's usually little, but this also assumes that addition fragmentation isn't incurred because of IPSec. (Even then, IPSec with hardware performs well, but the platforms might not with general fragmentation.)

The two big factors for actual latency is overall distance (how the traffic actually physically flows end-to-end) and actual congestion.

In a place like the US, the latency is often very close although because of typical MPLS SLAs, MPLS latency is often less variable.

In a place far, far out, like some remote jungle, surprisingly Internet IPSec often performs better because there's more demand for Internet locally than private WAN. (I.e. the physical Internet build out is often better.)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card