[Openswan Users] Latency with Openswan?
Joost Kraaijeveld
J.Kraaijeveld at Askesis.nl
Mon Jul 10 16:38:54 CEST 2006
On Fri, 2006-07-07 at 18:03 +0200, Paul Wouters wrote:
> On Fri, 7 Jul 2006, Joost Kraaijeveld wrote:
>
> > Does anyone know if and how much latency is added to a connection if the
> > connection is done through an OpenSwan tunnel with a pre-shared or RSA
> > key? ?
>
> I am not sure if I understand the question entirely. Are you talking about
> the latency of IPsec in general, or the difference between PSK and RSA?
A customer of mine has several ipsec tunnels ( > 100) through which
Citrix ICA session run. The users experience latency (long response
times), which makes typing really awkward experience. I want to rule out
that the OpenSwan ipsec tunnels are responsible for the latency (I
actually suspect the upstream provider's way of handling the
connection).
> It all depends on the hardware. IKE is not causing much latency at all,
> because it happens once per hour. And if you wish to get a better
> throughput for ESP, then adding CPU power or hardware accelerators will
> help you.
As far as I can see we have bandwidth enough (we almost never saturate
the connection, measured with iptraf).
--
Groeten,
Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
web: www.askesis.nl
More information about the Users
mailing list