Chapter 15. IPsec Overhead and Fragmentation


Finding out how much overhead IPsec will add to a given packet is not a simple task—there are many different reasons why overhead may be involved in producing an IPsec packet. In the first half of this chapter, we will first look at the structure of GRE, Encapsulation Security Payload, and Authentication Header protocols and the overhead involved and the characteristics of the algorithms that may be used to protect the traffic. We will then look at several ways to derive the plaintext maximum transmission unit (MTU) from the transport MTU and present a table and a set of formulas that make it easy to compute the maximum IPsec overhead for any given situation.

In the second half of this ...

Get IKEv2 IPsec Virtual Private Networks: Understanding and Deploying IKEv2, IPsec VPNs, and FlexVPN in Cisco IOS now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.