GRE Tunnel Vs IPSEC GRE Tunnel

Unanswered Question
Aug 3rd, 2009
User Badges:

Is it possible to get some calculation on the overhead on moving from standard GRE Tunnel to IPSEC GRE Tunnel.

With GRE Tunnel when I do a normal ping to another network on remote end it takes 150ms what is expected with IPSEC GRE Tunnel.

Any suggestion to optimize for better performance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Istvan_Rabai Mon, 08/03/2009 - 08:32
User Badges:
  • Gold, 750 points or more

Hi Saquib,

Routers generally do encryption on their processors so it puts an additional burden on the processor, especially when traffic is large.

I don't believe there is an exact formula to calculate the delay that IPSec encryption introduces.

Delay of course will depend on the encryption type and key length.

If you really want to decrease delay introduced by IPSec encryption, you may want to apply an encryption module in your router:

Here, encryption is made in hardware with very high speed that reduces calculation delay significantly.



srue Mon, 08/03/2009 - 11:22
User Badges:
  • Blue, 1500 points or more

another option is if you have a firewall (eg ASA) that already does hardware encryption through which your gre tunnel passes, you can just encrypt the gre tunnel at that point.

Leo Laohoo Mon, 08/03/2009 - 13:46
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Another method is to apply a data encryptor.


This Discussion