From: Jyri Kaljundi <jk @
Subject: Re: swIPe abstract (was Re: raptor encryption)
Date: Mon, 21 Jul 1997 14:50:51 +0300 (EET DST)
To: Firewalls @
Cc: mikech @
> mikech @
> > In our own implementation we stuck with the basics, DES/3DES and Keyed
> > MD5 header authentication with manual key exchange. We used Phil Karn's
> > excellent DES/3DES 80x86 assembly code for the encryption/decryption
> > engine and get about 10 megabits/sec on a 150 MHz Pentium (this code is
> > in the public domain and can be used by anyone).
> This is the algorithm speed, right? What is the real speed of your IPSec
> implementation on some Pentium 100/200/Pro? Just curious.
> Jyri Kaljundi
> jk @
---------------End of Original Message-----------------
I'll just give you some real world statistics. We could easily flood a 10
Megabit ethernet connection with an encrypted tunnel on a 100 MHz Pentium. We
have clients using IPSec on both FDDI and 100 Mbit ethernet who report they
get about 30% utilization with very fast Pentiums. Unless you are using
specialized crypto-specific chips you probably won't get much faster than
that. Again, anyone who has statistics for other VPN's can speak up.
We used Netperf and a Network General Sniffer for our testing. We also used a
"clean" LAN that carried no other traffic.
Phil Karn did an excellent job.
Michael W. Chalkley Tel: +1.770.772.4567
ZapNet! Inc. Fax: +1.770.475.7640
Suite 400-120 E-mail: mikech @
10945 State Bridge Road mikech @
Alpharetta, GA 30202 http://www.iproute.com