Reduce IPSec Overhead

by Mitch Tulloch [Published on 13 Oct. 2005 / Last Updated on 13 Oct. 2005]

How to reduce the CPU burden of running IPSec.

Using IPSec is a good technique for securing traffic on your internal network and it generally doesn't add that much overhead to your network traffic (50 bytes for ESP, several rounds for setting up SAs, and so on). But if your users frequently download massively large files, the additional CPU usage for clients can be significant. And if your servers are under heavy load then the CPU burden for IPSec can impact them also.

A good solution in this kind of situation is to use IPSec offload cards for your clients and servers that need them. Check with Intel, 3Com, and other vendors for suitable hardware for your environment.

See Also


The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links