[55934] in North American Network Operators' Group
Re: VoIP over IPsec
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Tue Feb 18 04:14:14 2003
Date: Tue, 18 Feb 2003 10:13:01 +0100 (CET)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: Petri Helenius <pete@he.iki.fi>
Cc: <nanog@nanog.org>
In-Reply-To: <00f601c2d6db$410cb950$932a40c1@PHE>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 18 Feb 2003, Petri Helenius wrote:
> > Maybe a stupid question... why would you need GRE tunneling while IPsec
> > has a tunnel mode of its own?
> Probably because a major router vendor, despite of repeated customer requests,
> declined to implement routing across such tunnel mode.
So if the router uses tunnel mode (as per the RFC) despite the GRE
tunnel the packet has three IP headers... So that's 160 bits ethernet
layer 1 + 18 bytes ethernet layer 2 overhead, 24 bytes for the GRE
tunnel, 20 bytes for the IPsec tunnel mode IP header, 10 - 12 bytes for
the ESP header, 16 bytes for the initialization vector, 20 bytes for the
original IP header and finally 20 bytes for the RTP header. With a 40
byte payload that adds up to 188 bytes on the wire of which 78% is
overhead...
