[strongSwan] Maximum Performance (Bandwidth)

Andreas Steffen andreas.steffen at strongswan.org
Tue Aug 30 12:08:49 CEST 2011

The IPsec throughput does not depend on strongSwan at all
(being a userland IKE daemon) but on the performance of
the hardware platform, the number of cores available and
preferably a recent Linux version which is able to make
full use of multiple cores. The LinuxTag 2010 paper by
Steffen Klassert gives some benchmark figures:




On 08/30/2011 11:32 AM, nima chavooshi wrote:
> Hi
> Thanks for your quick reply
> For example, in our test lab,we want to generate 1G traffic between 2
> node.If I conduct this traffic on "ipsec" tunnel, how amount of
> performance will be decreased? maybe 200MG or more.
> anyhow, encapsulation of packets has some overhead on performance.
> Thanks in advance
> On Tue, Aug 30, 2011 at 1:42 PM, Andreas Steffen
> <andreas.steffen at strongswan.org <mailto:andreas.steffen at strongswan.org>>
> wrote:
>     Hello Nima,
>     what do you understand by bandwidth?
>       - The ESP throughput of encrypted payload packets?
>       - The IKE throughput of negotiated connections?
>     Regards
>     Andreas
>     On 08/30/2011 10:36 AM, nima chavooshi wrote:
>         Hi
>         Before anything,thanks to anyone that contributes to this project.
>         How bandwidth can StrongSwan handle?in fact I want to know maximum
>         bandwidth that strongswan can handle.
>         Thanks in advance

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list