[strongSwan] strongswan performance

Martin Willi martin at strongswan.org
Wed Mar 6 09:10:33 CET 2013


Hi Victor,

> How many IPsec VPN tunnels can strongswan handle?

I don't have much experience with upscaling our new (5.x) IKEv1
implementation in charon yet. However, it uses the same architecture as
IKEv2, which can handle several ten thousand tunnels when configured
properly.

> What maximum speed rate can it handle in one tunnel or in all 50 tunnels for
> example under Linux/FreeBSD?

> I have modern Supermicro server with Xeon 3.0GHz and 4 Gig RAM

I don't have much experience with FreeBSD. On Linux, by default IPsec
processing runs on a single core only, which limits throughput to a few
hundred MBit/s. It doesn't really matter if this is for a single or for
50 tunnels.

If you need more, you might consider using AES-NI acceleration if
possible, or switch to parallel crypto processing. There is a good paper
about the parallelization work from Steffen Klassert with some numbers
at [1].

Regards
Martin

[1] http://www.strongswan.org/docs/Steffen_Klassert_Parallelizing_IPsec.pdf
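To check on a Linux gateway which of the two options from the reply above is available, the following script (an added example, not part of the original mail or of strongSwan) looks for the `aes` CPU flag and lists the kernel crypto API entries registered by a given module. It assumes the "parallel crypto processing" mentioned refers to the kernel's `pcrypt` module; the module names `aesni_intel` and `pcrypt` are the Linux kernel's and do not appear in the mail, and the sample input is constructed.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not captured from a real host.
SAMPLE_CPUINFO='processor : 0
flags     : fpu sse2 pclmulqdq aes avx
'
SAMPLE_CRYPTO='name     : cbc(aes)
driver   : cbc-aes-aesni
module   : aesni_intel

name     : authenc(hmac(sha1),cbc(aes))
driver   : pcrypt(authenc(hmac(sha1-generic),cbc-aes-aesni))
module   : pcrypt

name     : sha1
driver   : sha1-generic
module   : kernel
'

# cpu_has_aesni [FILE]: succeed if a "flags" line lists the "aes" CPU feature.
# FILE defaults to /proc/cpuinfo; "-" reads stdin.
cpu_has_aesni() {
    awk -F: '/^flags/ { n = split($2, f, " ")
                        for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1 }
             END { exit !found }' "${1:-/proc/cpuinfo}"
}

# drivers_by_module MODULE [FILE]: print "name -> driver" for every kernel
# crypto API entry registered by MODULE. FILE defaults to /proc/crypto.
drivers_by_module() {
    awk -v want="$1" '
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
        /^name[ \t]*:/   { name = val($0) }
        /^driver[ \t]*:/ { driver = val($0) }
        /^module[ \t]*:/ { if (val($0) == want) print name " -> " driver }
    ' "${2:-/proc/crypto}"
}

# Demo on the constructed sample; on a real host call the functions without FILE.
if printf '%s' "$SAMPLE_CPUINFO" | cpu_has_aesni -; then
    echo "cpu: aes flag present"
else
    echo "cpu: no aes flag, expect software AES"
fi
for m in aesni_intel pcrypt; do
    echo "[$m]"
    printf '%s' "$SAMPLE_CRYPTO" | drivers_by_module "$m" -
done
```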




