[strongSwan] strongswan limits
Martin Willi
martin at strongswan.org
Tue Dec 14 16:59:07 CET 2010
Hi Omar,
> -Do you have any idea about what would be the limits (throuput,
> sessions/sec) of a Strongswan installation using a Quad Xeon 2.2Ghz,
> 4Gb RAM + Debian 5? Any idea about how to measure it?
IKE (and ESP) tunnel setup rate is mostly limited by your asymmetric
crypto performance, we have some numbers at [1]. We did some upscaling
work for up to 20K concurrent IKE+ESP tunnels, you'll find more
information about the tools at [2].
Raw ESP data throughput depends on packet size, and most Kernels are
limited to a single core (somewhere between ~200-500 Mbit/s on your
CPU?). With a kernel supporting IPsec processing on multiple cores, it
might be possible to saturate a 1Gbit link.
TCP session setup is not directly related to IPsec processing and
depends on what you're doing with these sessions on the gateway
(connection tracking, firewalling, ...).
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/PublicKeySpeed
[2]http://wiki.strongswan.org/projects/strongswan/wiki/LoadTests
More information about the Users
mailing list