Fibre Channel (SAN)

Reply
Occasional Contributor
Posts: 10
Registered: ‎03-15-2011

FCIP with IPsec performance impact

Hi all,

I am using FR4-18i blades for an extended distance replication solution using FCIP. I want to enable IPsec on each FCIP tunnel, but I am concerned about the performance impact it may have.

Is there any documented impact on enabling IPsec? it is hardware based encryption? Anyone with good/bad experiences??

Thanks!

Valued Contributor
Posts: 931
Registered: ‎12-30-2009

Re: FCIP with IPsec performance impact

Is your network department involved in this?

Could be they are already encrypting traffic on the WAN, if they do your already have a protection layer in place

Occasional Contributor
Posts: 10
Registered: ‎03-15-2011

Re: FCIP with IPsec performance impact

Hi Dion,

The solution is not implemented yet. I am just asking if activating IPsec on the FCIP tunnel can have a negative impact on performance.

I would also like to know if the IPsec encrytption on FR4-18i blades uses hardware based or software based encryption. That's usually an indicator of how it affects performance.

Thanks!

Valued Contributor
Posts: 761
Registered: ‎06-11-2010

Re: FCIP with IPsec performance impact

Hi,

Not very used to Brocade FCIP and IPsec, but according to the admin guide, when using IPsec with FCIP, Jumbo frames are not suppported. So if Jumbo frames are used in the network; this could mean a big difference, performancewise.

Rgds

Occasional Contributor
Posts: 10
Registered: ‎03-15-2011

Re: FCIP with IPsec performance impact

Thanks, felipon.

We are not going to use jumbo frames, but good to know anyway.

I read in the "SAN Design Best Practices" document that:

"IPsec operates at line rate and is HW-based. There are no additional licenses or costs to use IPsec on Brocade. It adds an insignificant amount of

latency at 5 μs"

This applies to AP-7800B switches, but I don't know if the same statement applies to FR4-18i blades. Does anybody have any insight on this?

Thanks!

Valued Contributor
Posts: 761
Registered: ‎06-11-2010

Re: FCIP with IPsec performance impact

Hi,

There are no figures but it indicates that FR4-18i used HW-based encryption for IPsec.

External Moderator
Posts: 4,780
Registered: ‎02-23-2004

Re: FCIP with IPsec performance impact

javier,

--->>>I want to enable IPsec on each FCIP tunnel,...

In short form, IPsec  required High Performance Extension License.

High Performance Extension over FCIP/FC (formerly known as ―FC-IP Services‖) (For the FR4-18i blade and Brocade 7500) — This license key also includes the FC-FastWrite feature and IPsec capabilities.

I hope this answer you question/problem

TechHelp24
Occasional Contributor
Posts: 10
Registered: ‎03-15-2011

Re: FCIP with IPsec performance impact

Thanks, TechHelp.

My question was more around performance implications of enabling IPsec on a FCIP tunnel.

Any experience on that?

External Moderator
Posts: 4,780
Registered: ‎02-23-2004

Re: FCIP with IPsec performance impact

You ask in native post "i want to enable....." that sound really you have at the moment this features not enabled or configured.

according you question, as mention you must have High Performance Extension over FCIP/FC License before you can enable FCIP over IPsec

Now my question, do you have the License?

TechHelp24
Occasional Contributor
Posts: 10
Registered: ‎03-15-2011

Re: FCIP with IPsec performance impact

Yes, we have "High Performance Extension over FCIP/FC" licenses on each DCX. Thank you

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.