Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

IPSec overheads



What is the exact overhead due to IPSec with DES ? Will it be more or same when using 3-DES ?. What if I use GRE over IPSec for multicast routing and enabled with EIGRP ?

thanks in advance



Community Member

Re: IPSec overheads

If you are talking about IP V4....

Defining byte as 8 bits... about 54 to 61 bytes per packet for DES or Triple des.

Remember, the des key has been shared before data starts moving, and rekeying isn't that common for a converstaion, so you can disregard the rekeying packets when looking at a long connection. So the date has the des or tripple des applied and removed on each end, and the data is the same size for either, just 'more scrambled' with triple des. But triple des takes more processing overhead at each end and can induce latency.

Seems like GRE is another 24 bytes on top of that.

EIGRP would depend on how often your routes changed I would guess?

As far as overhead, most people are looking for figures like 10% more bandwidth, or 25% more. There may be some industry averages, but it depends specifically on the type of data you are moving.

If you have say very small packets, say a g.711 RTP stream, you are looking at an astronimical increas, since the data being moved in each small packet could end up being only 1/6 of the total packet size once you get all of the headers involved encapsulated.

I'm sure somewhere Cisco has the exact figures, but this is an off the top of my head estimate.

CreatePlease to create content