Hi Victor, have a look at Intel's 2010 whitepaper on AES-NI IPsec performance:
http://www.intel.com/content/www/us/en/intelligent-systems/wireless-infrastructure/aes-ipsec-performance-linux-paper.html Regards Andreas On 06.03.2013 09:10, Martin Willi wrote:
Hi Victor,How many IPsec VPN tunnels can strongswan handle?I don't have much experience with upscaling our new (5.x) IKEv1 implementation in charon yet. However, it uses the same architecture as IKEv2, which can handle several ten thousand tunnels when configured properly.What maximum speed rate can it handle in one tunnel or in all 50 tunnels for example under Linux/FreeBSD?I have modern Supermicro server with Xeon 3.0GHz and 4 Gig RAMI don't have much experience with FreeBSD. On Linux, by default IPsec processing runs on a single core only, which limits throughput to a few hundred MBit/s. It doesn't really matter if this is for a single or for 50 tunnels. If you need more, you might consider using AES-NI acceleration if possible, or switch to parallel crypto processing. There is a good paper about the parallelization work from Steffen Klassert with some numbers at [1]. Regards Martin [1]http://www.strongswan.org/docs/Steffen_Klassert_Parallelizing_IPsec.pdf
====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
