Re: [IPsec] How long does an IKEv1 session take to complete?

hyla81420@mypacks.net Sat, 21 November 2009 20:53 UTC

Thanks All. Round trip is definitely one part of it,
and as you pointed out, my question was related to if the
DH group/RSA computation were seen to be expensive. 20 msecs
are not prohibitive.

I was also hoping to garner any info on open source implementations
as my end goal is for seeking an IKEv1 product so it would have
been great to know where proprietary solutions stand relatively
speaking. Any pointers would be greatly appreciated.

-----Original Message-----
>From: Yoav Nir <ynir@checkpoint.com>
>Sent: Nov 18, 2009 10:49 PM
>To: "<hyla81420@mypacks.net> <hyla81420@mypacks.net>" <hyla81420@mypacks.net>
>Cc: "ipsec@ietf.org" <ipsec@ietf.org>
>Subject: Re: [IPsec] How long does an IKEv1 session take to complete?
>
>What Dan and Gregory said.
>
>But assuming an unloaded gateway, with "normal" hardware (Any Intel, AMD or PowerPC processor from the last 10 years or a recent ARM), then even if you use relatively secure parameters (2048-bit DH group, 2048-bit RSA keys) the round trip time is going to dominate. The calculations themselves take less than 20 milliseconds.
>
>So phase 1 should take about 3 round trips.
>
>On Nov 18, 2009, at 8:31 AM, <hyla81420@mypacks.net> <hyla81420@mypacks.net> wrote:
>
>> Greetings. Is there any data out there that quantifies how long a typical IKEv1 session (main mode and/or aggressive mode) takes to complete?
>> 
>> Hyla
>