Reduce IPSec Overhead

by Mitch Tulloch [Published on 13 Oct. 2005 / Last Updated on 13 Oct. 2005]

How to reduce the CPU burden of running IPSec.

Using IPSec is a good technique for securing traffic on your internal network and it generally doesn't add that much overhead to your network traffic (50 bytes for ESP, several rounds for setting up SAs, and so on). But if your users frequently download massively large files, the additional CPU usage for clients can be significant. And if your servers are under heavy load then the CPU burden for IPSec can impact them also.

A good solution in this kind of situation is to use IPSec offload cards for your clients and servers that need them. Check with Intel, 3Com, and other vendors for suitable hardware for your environment.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see .

Latest Contributions

Featured Links