Re: IPSec. B.W. between two branches

moabdallah · ‎06-21-2006

I have two branches connected via 1M leased line and utilization on the link is 80%

I would to implement VPN/IPSec. between these two branches and keep the same utilization percentage on the link

Should I increase the link B.W. ?

Is there any formula to calcualte the required B.W. after IPSec. ?

Anyone can help ?

Regards

Mohamed

leighharrison · ‎06-21-2006

Hi there Mohamed,

I've always been of the oppinion that 50% utilisation is high and anything over that needs looking at. I would increase the bandwidth.

If you want to IPsec on there too, then there will be an additional overhead for the new encapsulation, but this is on a per packet basis. You packet could be 64bytes or it could be 1500bytes, depending on traffic types. So it can be worked out, but you'll need to know your ave. packet size. Again, increasing the bandwidth will make the additional header irrelevant to a degree.

Regards,

LH

Please rate all posts

moabdallah · ‎06-21-2006

Hi,

What the percentage of bandwidth should we increase if we take the av. packet size 512byte for example ?

What is the equation ?

Regards

Mohamed

leighharrison · ‎06-22-2006

Hi there,

Looking at this RFC section 6.3.1 onwards, the additional can be from 52 to 68 bytes, depending on how you apply the IPsec.

http://mirrors.isc.org/pub/www.watersprings.org/pub/id/draft-aboba-ipsra-req-00.txt

So for a 512byte packet, you'll be looking at anything from 10% - 13% of overhead.

Regards,

LH

Please rate all posts