Hmm. As a random datapoint, we routinely sustain 450Mbps+ on instances in Amazon using a Centos 6.7 image on a c3.large instance type
2 cores : CPU0: Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz stepping 04 4GB of RAM We do NAT-T which pushes it to udp/4500 and we tweaked the buffers there. Haven’t played too much more with it because that was sufficient for us, but you can sustain almost half a gig on a lightweight instance. EKG > On Apr 11, 2016, at 1:34 PM, Hose <hose+strongs...@bluemaggottowel.com> wrote: > > What you say...Fred (curious_fre...@gmsl.co.uk): > >> >> What kind of hardware is required to maintain a point to point ipsec link >> with 1gbp/s b/w with Strongswan at each end. >> >> Are there any things/overheads to be aware of from the Strongswan side of >> things? Performance degradation, lower throughput etc as a result of running >> the actual crypto. >> >> Fred. > > Good luck with this. Unfortunately no one seems to have any concrete > information (asked about this previously). My testing shows that there's > a bottleneck somewhere between 200-300mb/s most likely in the kernel > somewhere, as throwing more cores and attempting to parallelize it > improves nothing. Those things may help with multiple IPsec tunnels, but > a single tunnel doesn't show any improvement. > > This was on Debian 8.3 with various kernels in there > ranging from 3.2 to 3.16; a newer kernel may help, but that's just > speculation. > > hose > _______________________________________________ > Users mailing list > Users@lists.strongswan.org > https://lists.strongswan.org/mailman/listinfo/users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
