i have 8 cores, 18gig ram and a fully switched gigabit network with a foundry big iron switch. i would think that is plenty.
why would it be a problem to have apache on the same machine? that is the whole point of ipsec transport mode: to provide a secure host-to-host transport. 2009/12/29 Jean-Michel Pouré <[email protected]>: > Le mardi 29 décembre 2009 à 21:31 +0100, Andreas Schuldei a écrit : >> now i switch the cipher to blowfish. as a result the percentage the >> server spends in the kernel went down to 3.5%-4.9%. my guess is that >> this is due to the quicker cipher. >> the apache process which is serving the file, however, bounces >> between 20-95% cpu usage. how come? how does ipsec change user-space >> so that the application needs more cpu? >> the used bandwidth is even worse then before: the server manages to >> push only 27.9M/s, which is slightly more then a quarter of its rated >> network throughput. > > How many cores do you have? > Memory and shared memory? > > What do you mean network throughout? > Are you using a recent gigabyte swith? > > Did you think about using SSL acceleration cards or a cheap VIA cards > for hardware SSL? > > If you are really looking for exceptional speed, it may not be optimal > to share IPsec and Apache on the same machine. It is a question of > interruptions and CPU time. > > Kind regards, > Jean-Michel > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
