RE: IPCOMP and IPSEC
Avram Shacham <shacham@cisco.com> Sat, 30 May 1998 01:37 UTC
Return-Path: shacham@cisco.com
Received: from beasley.cisco.com (mailgate-sj-2.cisco.com [171.69.2.135]) by ftp-eng.cisco.com (8.8.5-Cisco.1/8.6.5) with ESMTP id SAA08579 for <ippcp-archive-file@ftp-eng.cisco.com>; Fri, 29 May 1998 18:37:13 -0700 (PDT)
Received: from bubbuh.cisco.com (bubbuh.cisco.com [198.92.30.35]) by beasley.cisco.com (8.8.4-Cisco.1/CISCO.GATE.1.1) with ESMTP id KAA12976 for <ippcp-archive-file@ftp-eng.cisco.com>; Fri, 29 May 1998 10:43:21 -0700 (PDT)
Received: from airedale.cisco.com (airedale.cisco.com [171.69.1.135]) by bubbuh.cisco.com (8.8.4-Cisco.1/CISCO.GATE.1.1) with SMTP id KAA20476 for <ippcp@external.cisco.com>; Fri, 29 May 1998 10:42:54 -0700 (PDT)
Received: from avram.cisco.com (kenny-ncd.cisco.com [171.69.50.148]) by airedale.cisco.com (8.6.12/8.6.5) with SMTP id KAA12557; Fri, 29 May 1998 10:39:02 -0700
Message-Id: <3.0.2.32.19980529103610.006b4914@airedale.cisco.com>
X-Sender: shacham@airedale.cisco.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.2 (32)
Date: Fri, 29 May 1998 10:36:10 -0700
To: Stephen Waters <Stephen.Waters@digital.com>
From: Avram Shacham <shacham@cisco.com>
Subject: RE: IPCOMP and IPSEC
Cc: ipsec@tis.com, ippcp@external.cisco.com
In-Reply-To: <250F9C8DEB9ED011A14D08002BE4F64C01A23E44@wade.reo.dec.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Steve, At 11:56 AM 5/29/98 +0100, Stephen Waters wrote: >The IP-layer compression (IPPCP) calls >for zero-history compression - for which the performance can be bad. Tests show different results. Sure, an IP datagram with payload that has been previously compressed tends not to compress any further, regardless of the protocol-layer the compression is applied in. In other words, compressed data will not compress further in V42.bis, PPP, or IPComp. Therefore the IPComp protocol recommends implementation of an adaptive algorithm to avoid the performance hit. Using the Calgary files benchmark with LZS algorithm, the compression ratio of IP datagrams with MTU of 1500 octets was 1.82:1, not that far from the max the algorithm can offer 2.2:1. Stateless compression is a must in IP, so the overall performance gain is pretty significant. And, stateless compression has its implementation advantages. >When we did LZS zero-history support for X.25 links, we used a minimum >packet size of 500bytes, i.e. we would not even try to compress the >packet if it was smaller than that. My measurements of LZS with MTU of 576 show a compression ratio of 1.5:1. MTU of 256 gave a similar ratio, but 41% of the packets failed to compress, so overall performance got a hit. The IPComp protocol does recognize that small datagrams are likely to expand as a result of compression. Therefore, the protocol suggests that a numeric threshold should be applied before compression, where IP datagrams of size smaller than the threshold are sent in the original form without attempting compression. The numeric threshold is implementation dependent. The algorithms drafts (DELATE, LZS) suggest using a threshold of ~90 bytes. My implementation uses the value of 256. >On my office link (ISDN/PPP/LZS with history), I average 2:1 >compression. I suspect this would reduce noticeably for zero-history. You may be surprised, and - again - for the better. On my home-office link (IPComp/ISDN) I got 1.82:1 compression ratio - with or without ESP encryption. Regards, avram
- Re: IPCOMP and IPSEC Daniel Harkins
- IPCOMP and IPSEC Stephen Waters
- Re: IPCOMP and IPSEC Daniel Harkins
- Re: IPCOMP and IPSEC Naganand Doraswamy
- Re: IPCOMP and IPSEC Saroop Mathur
- Re: IPCOMP and IPSEC Eric Dean
- Re: IPCOMP and IPSEC Marc Hasson
- Re: IPCOMP and IPSEC Marc Hasson
- RE: IPCOMP and IPSEC Avram Shacham
- FW: IPCOMP and IPSEC Stephen Waters
- RE: IPCOMP and IPSEC Avram Shacham
- Re: IPCOMP and IPSEC Daniel Harkins
- RE: IPCOMP and IPSEC Roy Pereira
- RE: IPCOMP and IPSEC Roy Pereira
- Re: IPCOMP and IPSEC Daniel Harkins
- RE: IPCOMP and IPSEC Roy Pereira
- RE: IPCOMP and IPSEC Eric Dean
- RE: IPCOMP and IPSEC Stephen Waters
- RE: IPCOMP and IPSEC Eric Dean
- RE: IPCOMP and IPSEC Eric Dean
- Re: IPCOMP and IPSEC Stephen Kent
- RE: IPCOMP and IPSEC Robert Moskowitz
- RE: IPCOMP and IPSEC Avram Shacham
- RE: IPCOMP and IPSEC Paul Koning