Home page logo

nanog logo nanog mailing list archives

RE: VoIP over IPsec
From: "Kuhtz, Christian" <christian.kuhtz () BellSouth com>
Date: Tue, 18 Feb 2003 14:07:07 -0500

On Tue, 18 Feb 2003, Petri Helenius wrote:

Maybe a stupid question... why would you need GRE tunneling while IPsec
has a tunnel mode of its own?

Probably because a major router vendor, despite of repeated customer
declined to implement routing across such tunnel mode.

So if the router uses tunnel mode (as per the RFC) despite the GRE
tunnel the packet has three IP headers... So that's 160 bits ethernet
layer 1 + 18 bytes ethernet layer 2 overhead, 24 bytes for the GRE
tunnel, 20 bytes for the IPsec tunnel mode IP header, 10 - 12 bytes for
the ESP header, 16 bytes for the initialization vector, 20 bytes for the
original IP header and finally 20 bytes for the RTP header. With a 40
byte payload that adds up to 188 bytes on the wire of which 78% is


On Crisco, if memory serves, default payload is 160 for G.711, not 40.  The
sizing goes in multiples of 80s.


"The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential, proprietary, and/or
privileged material. Any review, retransmission, dissemination or other use
of, or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from all

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]