

For this article, we are only considering IPsec VPNs, which are true VPNs that are configured to connect hosts or networks to a private network. VPN connections using Transport Layer Security are not considered because TLS is generally used to protect specific application sessions.

The IPsec VPN overhead depends on whether tunnel mode or transport mode is selected. Tunnel mode provides better security at a slightly higher overhead by encapsulating the original IP header. It is the method that is commonly used for site-to-site VPNs, so we are using it for our analysis.

Another consideration is the quality of the internet connection. The speed of ISP connections continues to climb around the world. Of course, the actual speed that's delivered depends on local connectivity and possible congestion, regardless of the speed of the physical link. Well-connected parts of the world experience multimegabit speeds. Cellular connectivity, on the other hand, frequently yields only low megabit speeds - or even less - depending on signal levels and congestion.

Let's examine the VPN overhead for several different packet sizes and the effect on a 10 Mbps Ethernet connection to an ISP. It's easy to scale the 10 Mbps figures up or down to match available ISP link speeds.

The worst case is transporting 1 byte of application data, such as in Telnet or Secure Socket Shell. The resulting TCP/IP packet is 41 bytes in length. The IPsec VPN overhead on this packet is an additional 84 bytes, resulting in a total packet size of 128 bytes, an increase of 200%. A 10 Mbps Ethernet link can handle approximately 8,845 packets per second at this packet size. Fortunately, applications that transfer a single byte at a time are infrequently used and function at slow speeds.

A more realistic case is a VoIP 711 wideband codec, running 50 packets per second with a payload of 160 bytes each. The User Datagram Protocol/IP header is 28 bytes, resulting in a 188 byte packet before entering the VPN. The encrypted IPsec packet size is 272 bytes, an increase of about 50%. A 10 Mbps Ethernet link can handle approximately 4,032 packets per second, or 80 concurrent phone calls.

The maximum safe packet size on an IPsec VPN is 1,328 bytes. Most internet links are limited to packets no larger than 1,500 bytes, and the difference leaves room for IPsec and other frequently used protocol headers. Add the TCP/IP header of 40 bytes for an unencrypted packet size of 1,368.
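The VoIP arithmetic in this article can be scaled to other link speeds with a short script. This is an added example, not code from the article: the 84-byte overhead and 1,500-byte limit are the article's figures, while the 38-byte Ethernet framing cost and all function names are assumptions of this sketch.

```python
# Added example. Values marked "page" are the article's figures; the Ethernet
# framing constant and all function names are assumptions made for this sketch.
IPSEC_OVERHEAD = 84   # page: bytes the IPsec tunnel adds to each packet
LINK_MTU = 1500       # page: largest packet most internet links carry
ETH_FRAMING = 38      # assumption: preamble 8 + header 14 + FCS 4 + gap 12


def packets_per_second(link_bps, ip_bytes):
    """Whole packets per second a link carries, counting Ethernet framing."""
    return link_bps // ((ip_bytes + ETH_FRAMING) * 8)


def tunnel_report(link_bps, payload, header, flow_pps):
    """Compare one flow type sent in the clear and through the tunnel."""
    inner = payload + header          # packet before it enters the VPN
    outer = inner + IPSEC_OVERHEAD    # packet after IPsec encapsulation
    clear_pps = packets_per_second(link_bps, inner)
    vpn_pps = packets_per_second(link_bps, outer)
    return {
        "inner_bytes": inner,
        "outer_bytes": outer,
        "growth_pct": round(100 * IPSEC_OVERHEAD / inner, 1),
        "fits_mtu": outer <= LINK_MTU,
        "vpn_pps": vpn_pps,
        "flows_clear": clear_pps // flow_pps,
        "flows_vpn": vpn_pps // flow_pps,
    }


if __name__ == "__main__":
    # VoIP case from the article: 160-byte payload, 28-byte UDP/IP header, 50 pps.
    for mbps in (1.5, 10, 100):
        r = tunnel_report(int(mbps * 1_000_000), 160, 28, 50)
        print(f"{mbps:>5} Mbps: {r['outer_bytes']} B encrypted, "
              f"{r['vpn_pps']} pps, {r['flows_vpn']} calls "
              f"(vs {r['flows_clear']} without the tunnel)")
    # Largest TCP/IP packet the article calls safe: 1,328 + 40 bytes.
    print("1,368-byte packet fits after encapsulation:",
          tunnel_report(10_000_000, 1328, 40, 1)["fits_mtu"])
```

Comparing `flows_vpn` with `flows_clear` shows how many calls the tunnel costs on a given link, which is the number to check before moving voice traffic onto a site-to-site VPN.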
