Date: Wed, 7 Nov 2001 19:30:56 +1100 (Australia/NSW) From: Darren Reed <avalon@cairo.anu.edu.au> To: ns@BlueSkyFrog.COM (Nick Slager) Cc: freebsd-security@FreeBSD.ORG Subject: Re: KAME IPsec on low-end hardware Message-ID: <200111070830.fA78Uu0W029670@cairo.anu.edu.au> In-Reply-To: <20011107163846.H25762@BlueSkyFrog.COM> from "Nick Slager" at Nov 07, 2001 04:38:46 PM
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Nick Slager, sie said: > > Just set up my first IPsec link between two 4.4-REL boxes. They are > connected thusly: > > IPsec Linux IPsec > Box 1 ----- router box ----- Box 2 > 192.168.1.1 192.168.2.1 > > This is all set up on a 100mb ethernet LAN. > > When pinging the box with the IPsec link active, I'm getting > suboptimal response times: > > box1 ~ % ping box2 > PING box2.internal (192.168.2.1): 56 data bytes > 64 bytes from 192.168.2.1: icmp_seq=0 ttl=63 time=35.338 ms > 64 bytes from 192.168.2.1: icmp_seq=1 ttl=63 time=34.032 ms > 64 bytes from 192.168.2.1: icmp_seq=2 ttl=63 time=33.999 ms > > With IPsec not active, response times are "normal" (~ 0.5ms) That doesn't sound normal to me. I've been using IPsec on a OpenBSD/sparc (IPX) box which is definately not faster than either the DX4/100 or P90 and my ping times are still in the 3-5 ms range to a NetBSD/Celeron-533. In the absence of IPsec, ping times are sub-1ms. These are on the same LAN (no router between them), however. That is using DES-MD5. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111070830.fA78Uu0W029670>