Specifications
3000sb4.fm
P31003-H3560-X100-1-7618, 09/05
HiPath 3000/5000 V6.0, System Description
4-7
For internal use only
HiPath 3000/5000 in the LAN Network
Network Analysis
This operating mode offers the highest security for site-to-site VPNs.
ESP header length: The length of the ESP header depends on the encryption algorithm used.
If used for cipher block chaining (block encryption), the ESP header contains an initialization
vector ("IV" in table above). The initialization vector is the same length as an encryption block.
Padding: Padding with bytes is required as the encryption algorithms are based on block en-
cryption. The entire encoded part of the packet (original IP/UDP/RTP header, voice payload,
ESP padding header, ESP padding) must be an integer value which is a multiple of the encryp-
tion block length.
The number of padding bytes required for voice packets is calculated using the following for-
mula:
(42 + x + y) [bytes] = N x (8 or 16 [bytes]) // N is an integer.
Protocol Bytes Encoded?
ESP Trailer 12
ESP Padding Varying (y) Encrypted
ESP Padding Header 2 Encrypted
Voice Payload Varying (x) Encrypted
RTP 12 Encrypted
UDP 8 Encrypted
IP (original) 20 Encrypted
ESP Header 8 + IV
1
1 IV = Initialization Vector. Explained in text below the table
IP (tunnel) 20
802.1Q VLAN tagging 4
MAC (incl. preamble, FCS) 26
Total 112 + IV + x + y
Table 4-9 Encoded Voice Packet Structure
(ESP Tunnel Mode with Authentication)
Encryption algorithm Block length Initialization vector length
AES 16 bytes (128 Bit) 16 bytes (128 Bit)
DES 8 bytes (64 Bit) 8 bytes (64 Bit)
3DES 8 bytes (64 Bit) 8 bytes (64 Bit)
Table 4-10 Block Lengths of the Encryption Algorithms