IPsec Bandwidth Consumption

Print version

7. IPsec Bandwidth Consumption

Each IPsec tunnel needs several packets to be exchanged for:

  • Tunnel establishment

  • Re-keying procedures

  • Closing the tunnel

The exact overhead is different for all possible combinations of Encryption, Integrity algorithms, IP compression and other parameters.

One example configuration: PSK, IPcomp enabled, aes128-sha256-modp2048

  • Tunnel establishment: 4 packets, 1528 B

  • Re-keying: 4 packets, 1248 B

  • Closing the tunnel: 2 packets, 216 B

Transferring 5120 B of random data (5 packets) results in 5580 B of transferred data on the Radio channel, i.e. 8.98 % overhead for each packet.

Keep in mind that by percentage, the overhead is higher if the packet size is lower, e.g. the overhead will be higher for 100B packet than for 1300B packets.

Another example: Sending non-compressible 1000B UDP frame results in:

  • Sending 1102B IPsec packet on the Radio channel,

  • while 1030 B packet if IPsec is not used.

That means +72B of overhead (for 1000B packet, it is 7.2% overhead).