Home page logo
/

nanog logo nanog mailing list archives

Re: VoIP over IPsec
From: Vadim Antonov <avg () kotovnik com>
Date: Tue, 18 Feb 2003 15:51:38 -0800 (PST)


On Tue, 18 Feb 2003, Stephen Sprunk wrote:

It also allows precomputation of the key stream, adding nearly zero
latency/jitter to the actual packet processing.

You fail to note that this requires precomputing and storing a keystream for
every SA on the encrypting device, which often number in the thousands.
This isn't feasible in a software implementation, and it's unnecessary in
hardware.

You don' have to store the entire keystream, just enough to allow
on-the-fly packet processing.  Besides, memory is cheap. 100 msec buffers
for 100,000 simultaneous voice connections is an astonishing 80 Mb.

More realistically, it's 10k calls and 30 msec of buffering.

--vadim


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]