What you say...Fred ([email protected]): > > What kind of hardware is required to maintain a point to point ipsec link > with 1gbp/s b/w with Strongswan at each end. > > Are there any things/overheads to be aware of from the Strongswan side of > things? Performance degradation, lower throughput etc as a result of running > the actual crypto. > > Fred.
Good luck with this. Unfortunately no one seems to have any concrete information (asked about this previously). My testing shows that there's a bottleneck somewhere between 200-300mb/s most likely in the kernel somewhere, as throwing more cores and attempting to parallelize it improves nothing. Those things may help with multiple IPsec tunnels, but a single tunnel doesn't show any improvement. This was on Debian 8.3 with various kernels in there ranging from 3.2 to 3.16; a newer kernel may help, but that's just speculation. hose _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
