I'd like to have some explanations about the handshake times. I used
racoon to establish an IPsec SA between two computers on my LAN. The LAN
latency time is about 0.110 ms and I measured the sending and receiving
of packets with Ethereal. I did the test many times, always getting
approximately the same values:
Time Source Dest
0.00000 10.0.0.12 10.0.0.8 Identity Protection (Main Mode)
0.000919 10.0.0.8 10.0.0.12 Identity Protection (Main Mode)
0.063076 10.0.0.12 10.0.0.8 Identity Protection (Main Mode)
0.011600 10.0.0.8 10.0.0.12 Identity Protection (Main Mode)
0.038176 10.0.0.12 10.0.0.8 Identity Protection (Main Mode)
0.000239 10.0.0.8 10.0.0.12 Identity Protection (Main Mode)
0.000174 10.0.0.8 10.0.0.12 Informal
0.009175 10.0.0.12 10.0.0.8 Informal
1.100225 10.0.0.12 10.0.0.8 Quick Mode
0.012896 10.0.0.8 10.0.0.12 Quick Mode
0.006931 10.0.0.12 10.0.0.8 Quick Mode
I always get a really high time value in the first message of quick mode
exchange!!! It's 1 second!!! It's really a lot!!! I cannot figure out
why!!! Can someone help me? The network latency time is low, it means
that these time values are due to computation on the peers... which
operation requires so much time? The first and second message should
require the same computation on both peers as the operations are the
same (in my case ESP tunnel mode negotiation, but the result doesn't
change if I try ESP transport mode).
Thanks,
Giuseppe
|
Similar Threads
Linear Mode
