Re: Question about network security in embedded environment

From: Fritz M (news_at_m4s0n3r.n3+)
Date: 05/28/03 

Date: Wed, 28 May 2003 16:41:35 +0000 (UTC)

"Skye Roberts" <Carol.Urban@gdds.com> wrote:

> Also I am interested in performance impact. Since we are in an
> embedded environment, I am concern about CPU and memory utilization,
> propagation delay? Any rough numbers on what we should expect based on
> experience.

I don't have any recommendations on specific SSL implementations other
than to mention that Open SSL has a port for VxWorks. I've done
development with SSH Communication's IPSEC reference implementation;
porting was about a two week effort for me. They have support for
VxWorks for their IPSEC Express Toolkit.

Regarding performance impact, it can be significant. I'm working with
Gigabit networks nowadays; just adding authentication headers cuts Gb
network performance on a fast (2+ GHz Pentium) machine as much as 80%.
About half of that performance impact is just processing TCP checksums.

On slower networks the impact will be less, but I don't recall specific
numbers. For a lightweight application, your PPC will probably be just
fine. If you're designing some sort of heavy-duty edge device (which
your feature set seems to suggest), you'll probably want to consider
whatever hardware offload features you can get your hands on. TCP
checksum offload is pretty standard on fast Ethernet controllers now, and
there is also hardware encyrption available.

RFM 

-- 
To reply, translate domain from l33+ 2p33|< to alpha.
                4=a  0=o  3=e  +=t