GRE Tunnel Vs IPSEC GRE Tunnel

Unanswered Question
Aug 3rd, 2009

Is it possible to get some calculation on the overhead on moving from standard GRE Tunnel to IPSEC GRE Tunnel.

With GRE Tunnel when I do a normal ping to another network on remote end it takes 150ms what is expected with IPSEC GRE Tunnel.

Any suggestion to optimize for better performance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Istvan_Rabai Mon, 08/03/2009 - 08:32

Hi Saquib,

Routers generally do encryption on their processors so it puts an additional burden on the processor, especially when traffic is large.

I don't believe there is an exact formula to calculate the delay that IPSec encryption introduces.

Delay of course will depend on the encryption type and key length.

If you really want to decrease delay introduced by IPSec encryption, you may want to apply an encryption module in your router:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htvpnssl.html

http://www.cisco.com/en/US/prod/collateral/modules/ps8768/ps4221/product_data_sheet09186a00800c4fe2.html

http://www.cisco.com/en/US/prod/collateral/modules/ps8768/ps5308/product_data_sheet09186a008017dc0a.html

Here, encryption is made in hardware with very high speed that reduces calculation delay significantly.

Cheers:

Istvan

srue Mon, 08/03/2009 - 11:22

another option is if you have a firewall (eg ASA) that already does hardware encryption through which your gre tunnel passes, you can just encrypt the gre tunnel at that point.

Actions

This Discussion