Manualshelf

HP-UX IPSec vA.02.00 Performance and Sizing White Paper

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software
11121314151617181920
Table Of Contents
14
Mobile IPv6 Measurements
This section discusses HP-UX IPSec performance when used to secure Mobile IPv6 traffic, and assumes
that the reader is familiar with Mobile IPv6 terminology and concepts. If you are not familiar with
Mobile IPv6, refer to the HP-UX Mobile IPv6 product documentation, or to the Mobile IPv6 chapter in
the HP-UX IPSec version A.02.00 Administrator’s Guide.
HP-UX IPSec version A.02.00 and later supports security services for HP-UX Mobile IPv6 Home
Agents. HP measured the following functions related to HP-UX IPSec support for Mobile IPv6 Home
Agents:
Transmission and processing of secured Binding Update and Binding Acknowledgement messages.
Packets between the Correspondent Node to the Mobile Node, forwarded through the Home
Agent. The Home Agent forwards packets to the Mobile Node using an IPsec tunnel.
Test Configuration
The data in this section was derived from tests performed on systems with the following configuration:
MIPv6 Home Agent - PA-RISC2.0 9000/800/L2000-44
4-way
440 MHZ processors
4G memory
2 100Base-T Cards
HP-UX IPSec Version A.02.00, using manual keys
OS version HPUX B.11.11 (HP-UX 11i v1) with Transport Optional Upgrade Release (TOUR) 2.0
Mobile IPv6 Mobile Node: a single HP-UX PA RISC 2.0 system with a 100Base-T Network Interface
Card (NIC), and running with an instrumented kernel to simulate a Mobile IPv6 Mobile Node (the
system generated and transmitted Mobile IPv6 packets).
Correspondent Node: an HP-UX Integrity server, OS Version HPUXEng64RT B.11.11 (HP-UX 11i v1),
running netperf version 2.2p14 to measure the packets forwarded through the Home Agent.
Binding Update and Binding Acknowledgement Messages
When a Mobile IPv6 Mobile Node attaches to a new foreign network, it sends a Binding Update
message with its Care-of Address (address on the foreign network) to its Home Agent. The Home
Agent sends a Binding Acknowledgement message to the Mobile Node and creates an entry in its
Binding Cache. RFC 3776 specifies that you must use IPsec ESP to secure these Binding messages.
HP measured the number of Binding Cache entries created per second on the Home Agent with HP-
UX IPSec securing the Binding Update and Binding Acknowledgement messages. To generate Binding
Update messages, an HP-UX system instrumented to act as a Mobile Node sent 5000 Binding Update
messages from an adjacent 100-Base-T network.
The results when using ESP-AES and ESP-3DES are as follows:
Transfer Type Number of Binding Cache Entries Created per
Second
ESP-AES 690
ESP-3DES 370