Re: [IPsec] How long does an IKEv1 session take to complete?

Gregory Lebovitz <gregory.ietf@gmail.com> Wed, 18 November 2009 18:00 UTC

Additionally, it will depend on the round trip time across the network
between the two peers.

Vendors who are selling network boxes that can do a large number of
simultaneous IKE negotiations tend to care more about simultaneous IKE SA
negotiations per second than they do the actual negotiation time of any one
single negotiation.

HTH,
Gregory.

On Wed, Nov 18, 2009 at 8:27 AM, Dan McDonald <danmcd@sun.com> wrote:

> On Tue, Nov 17, 2009 at 11:31:45PM -0700, hyla81420@mypacks.net wrote:
> <SNIP!>
>
> > Greetings. Is there any data out there that quantifies how long a typical
> > IKEv1 session (main mode and/or aggressive mode) takes to complete?
>
> I don't think anyone's done a thorough survey of implementations or
> parameters they use.  If anyone has, or knows of such a survey, they should
> really share with this list.
>
> A LOT depends on what you use for your Oakley Group, your authentication
> method (and the certificate key size in the case of certificates), and, of
> course, the hardware upon which you run it.  There's a lot of combinations
> there!
>
> Dan



-- 
----
IETF related email from
Gregory M. Lebovitz
Juniper Networks