How to measure the time needed to bring up an IPSec tunnel

Forum|Forum|10 years ago
September 9, 2015
3 replies
3282 views

Do you know if it's possible to have a precise measure of the time needed in order to bring up an IPSec tunnel?

emnoc

New Member

That's almost hard to predict. It's like predicting when the 1st drop of rain would fall

Why do you need or think you need precise time? You hve factors from latency, how manyhops, & then response time from the initiator or responder to contend with.

Ken

Diabolicus23Author

New Member

I don't want to predict I'd like to "measure" a specific event during it occurs.

emnoc

New Member

Than measure the time of the 1st IKE packet sent as a initiator and the time the phase2 SPI are set. That time would very for all of the variable I mention before.

Ideally, you could run tshark and look at timestamps of a flow of packets for the IKE1 and ESP data. if you are critical you could use IKEv2 to maybe shave a few hairs off in "ms" but this is not going to be very noticeable to the end user & then you have the variable in either the initiator or responder & the layer3 path.

All I can tell you, ipsec-vpns are short in overall setup times than ssl-vpns.

YMMV

Ken

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded