|
Home > Archive > VPN > July 2005 > Encryption overheads and general performance qs
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Encryption overheads and general performance qs
|
|
| hals left 2005-06-29, 5:47 pm |
| Hi I have some questions on VPN performanace.
As there are a range of options from PPTP to IPSec tunnel mode, will
the processing overheads of encryption/decryption increase with the
different standards ?
Other than more RAM, how else can the performance be increased, are
there any guides to tuning the performnace of a VPN.
thanks
hals_left
| |
| Terry Dalton 2005-07-06, 2:46 am |
| "hals left" <cc900630@ntu.ac.uk> wrote in news:1120080167.320543.289020
@z14g2000cwz.googlegroups.com:
> Hi I have some questions on VPN performanace.
>
> As there are a range of options from PPTP to IPSec tunnel mode, will
> the processing overheads of encryption/decryption increase with the
> different standards ?
>
> Other than more RAM, how else can the performance be increased, are
> there any guides to tuning the performnace of a VPN.
>
> thanks
> hals_left
>
If you have the option you'll always want to use IPSEC it is more secure
than PPTP and is preferred. PPTP is around basically for interoperability
with legacy devices. As far as performance goes look for a device that
does hardware encryption which is much faster than doing encryption in
software. hardware encryption is typical in newer devices but cisco still
sells the 3015 VPN concentrator which does a whopping 4Mb 3DES encryption
(yes only 4 Megabits) in software and has a list price of $10,000! When
you are evaluating a VPN device you typically see clear text throughput,
3DES and AES throughput in Mb (megabits). The 3DES (168 bit) and AES ( up
to 256 bit) throughput will give you the best indicator of the speed of
encyrption/decryption. As long as your bandwidth requirements don't exceed
the devices throughput and preferrably leave 20 to 30% headroom for
growth/expansion you should be fine. Don't underestimate the importance of
management and good tech support. I highly recommend cisco PIX's
especially now that version 7 of their software is out it has every feature
of a dedicated VPN concentrator and a proven firewall that is easy to setup
and manage.
|
|
|
|
|