HP-UX IPSec vA.02.00 Performance and Sizing White Paper
• Data encryption with ESP Triple Data Encryption Standard (ESP-3DES). 3DES encrypts
the data three times with three 56-bit keys.
• Data authentication with Authentication Header (AH) using Secure Hash Algorithm 1
(AH-SHA1). AH provides data integrity and data authentication.
• AH using Message Digest 5 (AH-MD5).
• Data encryption with authentication using authenticated ESP with DES, 3DES and
AES and HMAC-SHA1 (ESP-DES-HMAC-SHA1, ESP-3DES-HMAC-SHA1, and
ESP-AES-HMAC-SHA1).
Before transmitting encrypted or authenticated data, IPsec must establish “security sessions,” or
Security Associations (SAs). To isolate data transmission times from IPsec Security Association (SA)
setup time, all throughput, CPU utilization, and service demand measurements were taken using
established IPsec SAs with infinite lifetimes.
• CPU Utilization
CPU utilization is the percentage of time that the CPU is not running in the idle loop. CPU utilization
is measured for the HP-UX IPSec transfer types listed above (ESP-DES, ESP-3DES, ESP-AES, AH-
SHA1, AH-MD5, ESP-DES-HMAC-SHA1, ESP-3DES-HMAC-SHA1, and ESP-AES-HMAC-SHA1) with
128 to 32768-byte TCP send buffers. In addition, CPU utilization for raw IP data transmission (data
transmission without HP-UX IPSec enabled) is measured as a baseline.
• Service Demand
Service Demand is the measure of how much of the CPU is used to transfer a unit of data, measured
in microseconds of CPU required to transmit one kilobyte (KB) of data. The smaller the measured
Service Demand, the more efficiently the system is operating. Service Demand is measured for the
HP-UX IPSec transfer types listed above with 128 to 32768-byte TCP send buffers. In addition,
service demand for raw IP data transmission (data transmission without HP-UX IPSec enabled) is
measured as a baseline.
Test Configuration
The data in the following sections was derived from tests performed between two systems with the
following configuration:
• rx5670 HP-UX Integrity Server
• 1-way (one CPU)
• 900 MHz Itanium 2® processor
• 2 GB memory
• 1000Base-T card, operating with 100 Mbps link speed (using a 100 Mbps switch)
• HP-UX IPSec Version J4256AA A.02.00
• OS Version HPUXEng64RT B.11.23 (HP-UX 11i version 2)
• netperf version 2.2p14
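The Service Demand metric defined above can be turned into a sizing check for the one-CPU, 100 Mbps configuration listed here. The following is an added example, not code or data from the white paper: the function names are hypothetical, 1 KB is assumed to be 1024 bytes, and the sample measurements are constructed for illustration.

```python
KB = 1024  # assumption: 1 KB = 1024 bytes


def service_demand_us_per_kb(cpu_util_pct, throughput_mbps, n_cpus=1):
    """Microseconds of CPU consumed to transfer one KB of data."""
    cpu_us_per_sec = cpu_util_pct / 100.0 * n_cpus * 1_000_000
    kb_per_sec = throughput_mbps * 1_000_000 / 8 / KB
    return cpu_us_per_sec / kb_per_sec


def cpu_bound_mbps(sd_us_per_kb, n_cpus=1):
    """Throughput at which the CPUs would be 100% busy."""
    kb_per_sec = n_cpus * 1_000_000 / sd_us_per_kb
    return kb_per_sec * KB * 8 / 1_000_000


def size(samples, link_mbps=100.0, n_cpus=1):
    """Map transform -> (service demand, cost relative to raw IP,
    upper bound on throughput in Mbps, limiting resource)."""
    util, mbps = samples["raw IP"]
    base = service_demand_us_per_kb(util, mbps, n_cpus)
    out = {}
    for name, (util, mbps) in samples.items():
        sd = service_demand_us_per_kb(util, mbps, n_cpus)
        ceiling = cpu_bound_mbps(sd, n_cpus)
        limit = "cpu" if ceiling < link_mbps else "link"
        # Upper bound only: ignores the bytes IPsec headers add on the wire.
        out[name] = (sd, sd / base, min(ceiling, link_mbps), limit)
    return out


# Constructed (CPU utilization %, throughput Mbps) pairs, NOT measured results.
SAMPLES = {
    "raw IP": (20.0, 81.92),
    "AH-SHA1": (60.0, 81.92),
    "ESP-3DES": (100.0, 40.96),
}

if __name__ == "__main__":
    for name, (sd, ratio, mbps, limit) in size(SAMPLES).items():
        print(f"{name:9s} {sd:6.1f} us/KB  {ratio:4.1f}x raw IP  "
              f"<= {mbps:6.2f} Mbps ({limit}-bound)")
```

A transform whose CPU-bound ceiling falls below the link speed saturates the processor before the network, which is the case where adding CPUs or choosing a cheaper transform changes the achievable throughput.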