Good morning r/networking,
Theoretical question here today:
Wondering if anyone had any subjective experience on setting IPSec settings, and how to go about determining what is best for a network.
Assuming relatively fast hardware, such as what is available today in whitebox routers and switches, why not just max out everything (Auth, Encryption, Forward Secrecy, Short Re-key intervals)?
In my lab, I see minimal impact on performance when these features are at their maximum available settings, but in the real world, I've only ever seen the same old 3DES/AES128 scheme being deployed, despite running on several thousand dollars' worth of firewall.
Maybe I'm missing something here...