Home page logo

nanog logo nanog mailing list archives

Re: VoIP over IPsec
From: Vadim Antonov <avg () kotovnik com>
Date: Tue, 18 Feb 2003 15:51:38 -0800 (PST)

On Tue, 18 Feb 2003, Stephen Sprunk wrote:

It also allows precomputation of the key stream, adding nearly zero
latency/jitter to the actual packet processing.

You fail to note that this requires precomputing and storing a keystream for
every SA on the encrypting device, which often number in the thousands.
This isn't feasible in a software implementation, and it's unnecessary in

You don' have to store the entire keystream, just enough to allow
on-the-fly packet processing.  Besides, memory is cheap. 100 msec buffers
for 100,000 simultaneous voice connections is an astonishing 80 Mb.

More realistically, it's 10k calls and 30 msec of buffering.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]