[strongSwan] Advice on Scaling up / out strongswan

Paton, Andy andy.paton at hp.com
Wed Aug 7 21:22:32 CEST 2013


I am now starting to look at our infrastructure design for deploying strongswan as a production VPN headend.

We are looking at support around 70,000 VPN users, with persistent VPN connections (Always on).

Are there any good resources on scaling up / i.e. At what point does throwing tin and string at an instance stop being effective (we are thinking virtualized infrastructures here).

Hardware resources are not really a constraint currently - we have access to a large amount of compute / can expand and build more, the same with our network infrastructure. It is very greenfield currently.

What about scale out? I have read some about clustering - but have come to the conclusion that this is quite difficult within strong swan, so maybe DNS load balancing with sticky session is more appropriate?

What about load testing - I know about the strongswan load tester, but am interested in what realworld overhead is placed on the VPN headend by pushing traffic (and therefore encrypting it).

Any ideas would be greatly appreciated.


Andy Paton - Bsc. (Hons), MBCS
Innovation Engineer

andy.paton at hp.com<mailto:andy.paton at hp.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130807/6a37e319/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3690 bytes
Desc: image001.png
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130807/6a37e319/attachment.png>

More information about the Users mailing list