On 16.01.2017 20:39, Varun Singh wrote:
On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff <m...@sys4.de> wrote:Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:Hi Varun,we have customers who have successfully been running up to 60k concurrent tunnels. In order to maximize performance please have a look at the use of hash tables for IKE_SA lookup https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable as well as job priority management https://wiki.strongswan.org/projects/strongswan/wiki/JobPriority We also recommend to use file-based logging since writing to syslog extremely slows down the charon daemon https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration The bottleneck for IKE processing is the Diffie-Hellman key exchange where 70-80 % of the computing effort is spent. Use the ecp256 or the new curve25519 (available with strongSwan 5.5.2) DH groups for maximum performance. ESP throughput is limited by the number of available cores and the processor clock frequency. Use aes128gcm16 for maximum performance. Best regards Andreas On 16.01.2017 19:00, Varun Singh wrote:Hi, As I understand, strongSwan supports scalability from 4.x onwards. I am new to strongSwan and to VPN in general. I have setup a strongSwan 5.3.5 installed on Ubuntu 16.04LTS. Though I have read that strongSwan supports scalability, I couldn't find stats to support it. Before adopting strongSwan, my team wanted to know *if it can support upto 100k simultaneous connections*. Hence I need to find pointers to obtain this kind of information.hi, I think further scaling might be possible with loadbalancers. But this is topic of deeper investigation of the project. Mit freundlichen Grüßen, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/usersThanks Michael, I was just searching whether load balancing is supported by strongSwan or not. Came across this thread: https://lists.strongswan.org/pipermail/users/2013-November/005615.html But this didn't lead to any conclusion. So is load balancing supported by strongSwan?
Have a look at strongSwan's High Availability (HA) solution https://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability which can be run in an active-active mode where the load-balancing is achieved by Cluster IP. Andreas ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users