Chapter 8.  IPSec and Application Interoperability

Chapter 8. IPSec and Application Interoperability One of the primary motivations for deploying an IPSec VPN is financial cost savings, yet deploying an IPSec VPN may affect the interoperability of other applications, such as voice and video. Therefore, there is an operational cost to deploying IPSec. Although previous chapters demonstrated many methods for simplifying IPSec VPNs, they did not address the opportunity costs that impact deployment of voice and video over the VPN. In this chapter, you examine the challenges with deploying voice and video applications on an IPSec VPN, and explore techniques to overcome those challenges. Given that voice and video are typically real-time applications, the network's performance must be carefully engineered to meet the application requirements. It is critical to note that real-time and delay-sensitive applications require consistent performance from the network infrastructure. In fact, variability in network performance may make the application completely dysfunctional. Capacity management is one of the most basic tenets of network engineering. Applications, such as circuit-switched telephony, have well-defined bandwidth requirements per call. The migration of circuit-switched telephony to packet-based telephony introduces a whole new genre of capacity engineering principles. The statistical nature of a packet network requires more granular quality of service (QoS) mechanisms to ensure that voice (real-time) and video (pseudo real-time) packets receive the proper capacity at each routing node in the network. Note Voice-over IP fundamentals are beyond the scope of this book. To learn more about the fundamentals of packet voice and QoS requirements associated with real-time applications, you may refer to Voice over IP Fundamentals (Cisco Press, 2000) or Voice-Enabling the Data Network: H.323, MGCP, SIP, QoS, SLAs, and Security (Cisco Press, 2002). One thing is clear: IPSec complicates the capacity management task for enabling real-time applications. To begin, you explore some of the nuances of enabling QoS on IPSec VPNs in order to assess the impact to applications such as packet voice and video.