> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Taylor > Sent: Thursday, June 13, 2002 12:30 PM > To: [EMAIL PROTECTED] > Subject: RE: Netscreen 25 VPN Slowdown > > > Hi all, > A note about the speed of Netscreen devices running > encryption/decryption go and read the following: > http://www.netscreen.com/press/viewRelease.asp?release=287
[Summary, NS5200 specced up can push 2Gb/s 3DES VPN] Whoa. That's _really_ fast. Things like that always make me wonder how the ciphers are being implemented. I don't have my copy of Applied Crypto here, but there are a few ways you can run 3DES, notably for parallel processing, that aren't actually as strong as one would expect. There has to be some good technical reason why it's that much faster - maybe they've got a dedicated crypto offload card per interface or something. Maybe it's this: "At the heart of the NetScreen-5000 Series is NetScreen's new GigaScreen-II ASIC, which significantly advances the way ASIC-based security is implemented. Rather than only accelerating security features as a co-processor aiding a traditional CPU, the GigaScreen-II can act as a fully featured flow processor handling network packet processing tasks that have previously been left to a security system's central processor. This change in methodology increases performance, allowing the NetScreen-5000 Series to deliver more than an order of magnitude higher small-packet performance than competitors while simultaneously reducing system latency. " Does that mean that the existing VPNs are essentially flow-switched with the ASIC also handling the crypto? Do we have any Netscreen techs in the audience? [...] > > Richard Taylor MSc (UTS) > Network and Security Architect > Technology Services > Thomson Legal & Regulatory Limited > +61-2-8587-7521 Cheers, -- Ben Nagy Network Security Specialist Mb: TBA PGP Key ID: 0x1A86E304 -- Firewalls mailing list - [ [EMAIL PROTECTED] ] To unsubscribe: http://www.isc.org/services/public/lists/firewalls.html