HP-UX IPSec vA.02.00 Performance and Sizing White Paper
Overview
The purpose of this document is to provide basic guidelines for accurately determining HP-UX server
system modeling and configuration when using HP-UX IPSec. It is intended to help customers and the
HP field force effectively size customer configurations when selling systems, responding to RFPs and
deploying systems with HP-UX IPSec.
The HP-UX IPSec product operates on HP-UX 11.0 and HP-UX 11i (HP-UX 11i v1 and HP-UX 11i v2
update 2). HP measured performance on HP-UX 11i systems with IPv4 addressing, but HP-UX IPSec
produces comparable results on HP-UX 11.0 and on HP-UX 11i with IPv6 addressing.
On HP-UX Integrity servers, HP-UX IPSec provides outstanding performance when securing IP packets
with 128-bit Advanced Encryption Standard (AES) encryption. Throughputs as high as 91.8 Megabits
per second (Mb/s) in a 100 Mb/s network were achieved between two one-way Integrity servers,
which is less than 3% degradation of normal IP traffic throughput (94.68 Mb/s).
This document contains the following sections:
• Throughput, CPU Utilization and Service Demand. Throughput, CPU utilization and service demand
data for transferring data with HP-UX IPSec on one-way (single-CPU) rx2600 HP-UX Integrity
servers.
• Security Association Measurements. Time measurements for establishing “security sessions” or
Security Associations (SAs) that HP-UX IPSec creates before transferring data.
• Secure Mobile IPv6 Measurements. Time measurements for securing Mobile IPv6 binding messages
and forwarding Mobile IPv6 packets through an IPsec tunnel.
• Applying Performance Data. Procedures for applying the performance data.
• Appendix A: Two-way HP-UX Integrity Server Performance Data. Data transfer throughput, CPU
utilization and service demand data for HP-UX IPSec on two-way (dual-CPU) rx2600 HP-UX Integrity
servers.
• Appendix B: HP-UX PA-RISC Performance Data. Data transfer throughput, CPU utilization and
service demand data for HP-UX IPSec on one-way (single-CPU) A-Class HP-UX PA-RISC servers.
• Appendix C: Testing Methodology. Testing methodology information.
Throughput, CPU Utilization and Service Demand
This section contains the following HP-UX performance metrics for single-CPU rx2600 HP-UX Integrity
servers:
• Throughput
Throughput is the quantity of data transferred per second, measured against the TCP send buffer
size (128 to 32786 bytes). Raw throughput (throughput without HP-UX IPSec enabled) is measured
as a baseline. Throughput is measured for packets secured using the following HP-UX IPSec transfer
types:
  - Data encryption with Encapsulating Security Protocol using Advanced Encryption
    Standard (ESP-AES). ESP provides data privacy. The AES used by HP-UX IPSec
    encrypts the data using a 128-bit encryption key and is the most secure HP-UX IPSec
    ESP encryption method.
  - Data encryption with ESP Data Encryption Standard (ESP-DES). The DES algorithm
    uses a 56-bit encryption key. ESP-DES has been cracked (data encrypted using DES
    has been decoded by a third party), and should be used only when required for
    compatibility or when legal restrictions disallow the use of other encryption methods.