IETF Logo Mail Archive

Re: [IPsec] Maximum sizes of IKEv2 messages and UDP messages ?

Paul Wouters <paul@nohats.ca> Thu, 18 June 2020 15:42 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3E433A0A02 for <ipsec@ietfa.amsl.com>; Thu, 18 Jun 2020 08:42:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8bJK0VaVJX0H for <ipsec@ietfa.amsl.com>; Thu, 18 Jun 2020 08:42:09 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A6193A0A0A for <ipsec@ietf.org>; Thu, 18 Jun 2020 08:42:02 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 49nmQH6y5kzMvh; Thu, 18 Jun 2020 17:41:59 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1592494919; bh=lfGzxPTRmQjVSYBt++viLnEz6z3t7IaDUKJfNQ2xbMY=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=mBuVfpuHF+nuD819qzqYP7Bzq919VKlInUEs1PrBKEOrAmtOrzKHtr7Bru5oy8vzJ 5WT4IQ9nzyX7tUg6jWNKsBATmnslxeJ1B5zPu3hW9BXnlsw1yUejziNs1OHjZsaNPl koPQowjSQ7f5KJmjPD1f+dOX2Cbn0Rj7mLuwRInw=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id oU3U9fpFiUhn; Thu, 18 Jun 2020 17:41:57 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 18 Jun 2020 17:41:57 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 80C8B6020D8B; Thu, 18 Jun 2020 11:41:56 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 766A282301; Thu, 18 Jun 2020 11:41:56 -0400 (EDT)
Date: Thu, 18 Jun 2020 11:41:56 -0400
From: Paul Wouters <paul@nohats.ca>
To: "Panos Kampanakis (pkampana)" <pkampana=40cisco.com@dmarc.ietf.org>
cc: "Dang, Quynh H. (Fed)" <quynh.dang=40nist.gov@dmarc.ietf.org>, Valery Smyslov <smyslov.ietf@gmail.com>, 'ipsecme mailing list' <ipsec@ietf.org>
In-Reply-To: <BN7PR11MB254714D71BB281B1B35FF662C99B0@BN7PR11MB2547.namprd11.prod.outlook.com>
Message-ID: <alpine.LRH.2.22.394.2006181137500.20534@bofh.nohats.ca>
References: <BY5PR09MB47550EF86C79AD4B009DACE2F39A0@BY5PR09MB4755.namprd09.prod.outlook.com>, <059d01d644af$4f2c7ed0$ed857c70$@gmail.com> <BY5PR09MB4755E77A264964F3D73FB7FEF39A0@BY5PR09MB4755.namprd09.prod.outlook.com> <BN7PR11MB254714D71BB281B1B35FF662C99B0@BN7PR11MB2547.namprd11.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/WL6xAcVt0o4RYZQjZWhQz0b4J_Q>
Subject: Re: [IPsec] Maximum sizes of IKEv2 messages and UDP messages ?
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 15:42:11 -0000

On Thu, 18 Jun 2020, Panos Kampanakis (pkampana) wrote:

> > I guess the impact is small generally because an IPsec tunnel normally stays up for a long time. Does my guess seem ok here ?
> 
> > Would there be some noticeable impact on a high-volume connections VPN server ?
> 
> We tested this in the context of TLS in https://eprint.iacr.org/2020/071. For a tunnel that stays up for a long time (not just a few seconds like
> HTTPS) and sends Megabytes of data or more, then the larger key+signatures size are amortized over the tunnel data. What becomes more important
> then is the keygen, encap, decap, sign/verify time.
> 
> In other words, servers that terminate a lot of connections at the same time will be impacted by slower operations in the handshake (the server
> throughput drops), but their tunnels that send a few more kilobytes of handshake data and magnitudes more over the tunnel are not significantly
> affected especially if we are talking about UDP and not TCP (with congestion control slowing down the handshake).

For libreswan, we recently went through performance enhancements, and we
found a number of issues in our code that once meassured, were easilly
fixed. There are still some linear lookups left in the Linux kernel for
policies/states, but we found that with about 1000 users that keep
connecting/disconnecting, it wasn't a big problem yet.

Hopefully, more clients will use Session Resumption, which would at
least cut out the (EC)DiffieHellman part of starting a session again,
but on larger servers with that many clients, there tends to not be
a guaranteed you can connect to the same server which can resume
your session. Also, I'm not sure if we need to further postquantum
prood the resumption mechanism (I don't think so, but I'm not a
licensed cryptographer)

Paul

v2.23.0 | Report a Bug | By Email