Noel,

> I would like to know how the performance of strongswan/Linux is with
> about 1000 established tunnels and ~3000 (XFRM) policies.

I think XFRM policy lookup in the kernel scales fine, handling ~3000 policies shouldn't be a problem at all.

> How much traffic can be forwarded? Is the performance hit because of
> the large number of policies in any way significant?

I don't think so; IPsec throughput is mostly limited by your raw crypto performance. Of course working on many SAs may reduce the efficiency of your CPU caches compared to a single SA carrying all the traffic.

In the end you'll have to test your setup on your hardware to get any useful answers. Given that some strongSwan installations handle ~100'000 tunnels just fine, scaling to 1000 active tunnels is no rocket science.

Regards
Martin
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
