
nanog mailing list archives

Re: VoIP over IPsec
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Tue, 18 Feb 2003 10:13:01 +0100 (CET)


On Tue, 18 Feb 2003, Petri Helenius wrote:

> > Maybe a stupid question... why would you need GRE tunneling while IPsec
> > has a tunnel mode of its own?
>
> Probably because a major router vendor, despite repeated customer requests,
> declined to implement routing across such tunnel mode.

So if the router uses tunnel mode (as per the RFC) despite the GRE
tunnel the packet has three IP headers... So that's 160 bits Ethernet
layer 1 + 18 bytes Ethernet layer 2 overhead, 24 bytes for the GRE
tunnel, 20 bytes for the IPsec tunnel mode IP header, 10 - 12 bytes for
the ESP header, 16 bytes for the initialization vector, 20 bytes for the
original IP header and finally 20 bytes for the RTP header. With a 40
byte payload that adds up to 188 bytes on the wire of which 78% is
overhead...

