HP-UX IPSec vA.03.00 Performance and Sizing White Paper

Authenticated AES and 3DES

ESP by itself does not provide data integrity or data authentication. HP recommends that you use

authenticated ESP for data privacy, integrity and authentication, such as ESP-AES authenticated with

HMAC-SHA1 (ESP-AES-HMAC-SHA1).

The following charts display throughput, CPU utilization, and service demand data for raw IP data

transmission and the following HP-UX IPSec transfer types:

• ESP-3DES-HMAC-SHA1

• ESP-AES-HMAC-SHA1

Throughput

Figure 4 shows the throughput rates in megabits per

second (Mb/s) for ESP-3DES-HMAC-SHA1 and

ESP-AES-HMAC-SHA1. The throughput rate for ESP-AES-HMAC-SHA1 is about 350 Mb/s with a

message size in the range of 1024 bytes to 4096 bytes. Of the two encryption types, ESP-AES-

HMAC-SHA1 provides the strongest encryption with better throughput.

Figure 4. Single dual-core throughput for raw IP, -3DES-HMAC-SHA1, and ESP-AES-HMAC-SHA1

Single dual-core (2-way) throughput

100

200

300

400

500

600

700

800

900

1000

128 256 512 1024 2048 4096 8192 16384 32768

Message size (bytes)

Throughput (Mb/s)

Raw

ESP-3DES-

HMAC-SHA1

ESP-AES-

HMAC-SHA1