Good afternoon, folks!

Well, it looks like at least part of the capacity answer was in the Linux FreeS/WAN Compatibility Guide, right above the crypto hardware section at: <http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/compat.html#multiprocessor>, namely the dual processor option.

I've long used dual CPU machines with NT4 & NT5, all the way back to dual PPro machines. On the other hand, the article cited above glosses over a problem with multiple CPU's: The linux 2.2x kernel does *not* have a multithreaded IP stack. If you remember about 2½ years ago, NetCraft had a "shootout" between NT4/IIS and linux 2.2x/apache, on quad Xeon Dell's... And IIS blew apache out of the water as the load increased. As it turns out after long analysis, the bottleneck was the IP stack only using one CPU; and the problem wasn't fixed until the v2.4 kernel was released.

As I look at the FreeS/WAN documentation with an eye towards a dual CPU mobo, I notice that it still uses the 2.2x kernel, which means I lose the symmetric multiprocessing capacity, and end up somewhere between NetWare 4 and MacOS 9 running on dual CPU boxes.

Are there any FreeS/WAN implementations using the v2.4x kernel?

Cheers!
Dan Schwartz
Cherry Hill, NJ

---> PREVIOUSLY, MR. BROCK NANSON WROTE...

>From: "Brock Nanson" <[EMAIL PROTECTED]>
>Subject: [Leaf-user] Re: Starting from scratch to build a high capacity VPN tunnel appliance
>Date: Wed, 19 Dec 2001 09:44:45 -0800
>
>Hi Dan,
>
>I don't think you are alone in this quest... There are several prebuilt options out there (firecard for instance) that can make the VPN more of an appliance than a PC. However, it's nice to have some control over the configuration, and more satisfying to do it yourself rather than just buy a canned product!
>
>I believe the CF-IDE idea has been done, at least for the regular LRP concept. You could snoop around the various LRP sites. I don't see why it couldn't be extended to include the FreeS/WAN stuff as well.
>I've got the Steinkuehler version of 1.5 going in several locations, without issue. I just use the floppy drive versions - they are only read on boot - and have yet to have a floppy-caused failure. I avoided the 'superfloppy' by adding a second drive. So I have two 1.44 MB floppies to handle all the modules I need.
>
>I'm not sure that the Compact Flash idea is really going to solve all your problems... Why not try the floppy method first? A second set of floppies kept at each site would allow a failsafe should the first set meet an untimely demise. And if you're planning to courier updated CF cards, you could just as easily courier a new set of floppies. Or for that matter, create new disk images you could email and have the remote office write them to floppy. Or SSH and SCP stuff to the remote offices. Using a CD would be even more reliable... In fact I'd be tempted to say more reliable than CF.
>
>Given that my floppies see use once a month or less, I don't think you should be overly concerned! Once you build a stable system, you could practically throw the floppies away and run the gateway on a UPS - they are that solid.
>
>R Brock Nanson, P.Eng.
>[EMAIL PROTECTED]
>TRUE Consulting Group
>201 - 2079 Falcon Road
>Kamloops BC V2C4J2
>www.true.bc.ca
>(250) 828-0881 fax: (250) 828-0717