is 1 Gbps a MUST?
If my interpretation is correct, the current (and earlier ones too) security draft at http://www.drizzle.com/~aboba/RDMA/draft-ietf-ips-security-10.txt seems to say that an IPSec implementation MUST be capable of running at 1 Gbps. I quote from the draft:

"Given current networking technology, IP block storage security solutions must be implementable at 1 Gbps in terms of CPU overhead and/or availability of suitable hardware implementations and should be implementable at 10 Gbps in the near future. 10 Gbps implementations are desirable but are not an absolute requirement as implementation feasibility at these speeds is not yet demonstrated."

On the other hand I hear a lot of talk about TOEs in hardware and IPSec in software. Given that, once IPSec is turned on, *every* incoming packet must be inspected to confirm compliance with the security policy, I find it hard to believe that a software implementation can be claimed to be compliant. In fact a software implementation implies introducing a bottleneck in front of the TOE.

Am I misinterpreting the requirement or am I underestimating the potential performance of a software implementation?

Vince Cavanna
Agilent Technologies
Last updated: Fri Feb 22 01:17:58 2002