Thanks All. Round trip is definitely one part of it, and as you pointed out, my question was related to if the DH group/RSA computation were seen to be expensive. 20 msecs are not prohibitive.
I was also hoping to garner any info on open source implementations as my end goals is for seeking an IKEv1 product so it would have been great to know where proprietary solutions stand relatively speaking. Any pointers would be greatly appreciated. -----Original Message----- >From: Yoav Nir <[email protected]> >Sent: Nov 18, 2009 10:49 PM >To: "<[email protected]> <[email protected]>" <[email protected]> >Cc: "[email protected]" <[email protected]> >Subject: Re: [IPsec] How long does an IKEv1 session take to complete? > >What Dan and Gregory said. > >But assuming an unloaded gateway, with "normal" hardware (Any Intel, AMD or >PowerPC processor from the last 10 years or a recent ARM), then even if you >use relatively secure parameters (2048-bit DH group, 2048-bit RSA keys) the >round trip time is going to dominate. The calculations themselves take less >than 20 milliseconds. > >So phase 1 should take about 3 round trips. > >On Nov 18, 2009, at 8:31 AM, <[email protected]> <[email protected]> >wrote: > >> Greetings. Is there any data out there that quantifies how long a typical >> IKEv1 session (main mode and/or aggressive mode) take to complete? >> >> Hyla > _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
