slow encrypt network traffic
HiI have a little problem. I using IPSec with CA to encrypt network traffic. I have a gigaethernet and when I have un assigned gpo with this, everything works fine. But when I assigned it all network trafic slows to even below normal ethernet (about 4-5 MB/s) I know that encryption slows down network traffic a bit, but why more than tenfold?Any idea to fix this ??
October 7th, 2009 11:28am

Hi, Thanks for your post. IPSEC protection adds overhead to IP packets. It is expected that the network performance is slower. The influence of IPSEC on performance depends on many aspects, such as the CPU ability, the cryptography algorithm configured, the number of filters configured in the IPSec policy, whether a IPSEC offload NIC is available, etc. Based on our tests, the CPU usage will increase dramatically after IPSec is enabled if the NIC could not offload IPSEC traffic: 1. This measures performance impact on Windows Server 2003 using a production 10/100 mbps offload NIC with transport mode IPSec. 2. Measurement was taken on a 1.8 Ghz X86 with 512 MB ram 3. UDP packets of size 500 bytes each were used for measurement. Throughput (Bytes /sec) CPU Utilization (%) No IPsec Policy 11922746 37% ESP NULL SHA1 w/o offload 11918181 96% ESP NULL SHA1 with offload 11915777 72% ESP 3DES SHA1 w/o offload 4991788 100% ESP 3DES SHA1 with offload 9434515 56% Therefore, if the CPU is not very powerful, the performance will be greatly affected. It might be necessary to increase the available network bandwidth or CPU power, or install IPSec offload adapters to compensate for the increased overhead of IPSec. Weighing IPSec Tradeoffs http://technet.microsoft.com/en-us/library/cc782872(WS.10).aspx Hope the information is helpful. Joson Zhou TechNet Subscriber Support in forum This posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
October 8th, 2009 1:11pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics