Re: is 1 Gbps a MUST?

[Fred Baker <fred@cisco.com>]

At 03:06 PM 2/21/2002, CAVANNA,VICENTE V (A-Roseville,ex1) wrote:
>If my interpretation is correct, the current (and earlier ones too) 
>security draft 
>at  http://www.drizzle.com/~aboba/RDMA/draft-ietf-ips-security-10.txt 
>seems to say that an IPSec implementation MUST be capable of running at 1 Gbps.

I won't respond to the wording of the draft, but to the sense that it must 
be intended to convey. If the wording doesn't convey this, it is the 
wording which must change.

It seems to me that if the transfer of encrypted data at nominal link rates 
is expected, then encryption and decryption must be achieved at link rates. 
If 1 GBPS link rates are in view, guess what rates are important. If 10 GBPS...

It seems to me that the question is not whether or not you are mandated to 
implement IPSEC in software, but what you need to do to accomplish link 
speed encryption and decryption. Hardware and software are duals; you can 
implement the algorithm either way, and the trade-off is money vs speed.

We offer our customers both software and hardware options for IPSEC, and if 
the expected encryption rate is above certain speeds, we get fairly 
insistent on the latter. We call that "common sense".