North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: VoIP over IPsec
On Tue, 18 Feb 2003, Stephen Sprunk wrote: > > It also allows precomputation of the key stream, adding nearly zero > > latency/jitter to the actual packet processing. > > You fail to note that this requires precomputing and storing a keystream for > every SA on the encrypting device, which often number in the thousands. > This isn't feasible in a software implementation, and it's unnecessary in > hardware. You don' have to store the entire keystream, just enough to allow on-the-fly packet processing. Besides, memory is cheap. 100 msec buffers for 100,000 simultaneous voice connections is an astonishing 80 Mb. More realistically, it's 10k calls and 30 msec of buffering. --vadim
|