[strongSwan] [strongSwan-dev] strongswan performance
Andreas Steffen
andreas.steffen at strongswan.org
Wed Mar 6 10:03:44 CET 2013
Hi Victor,
have a look at Intel's 2010 whitepaper on AES-NI IPsec performance:
http://www.intel.com/content/www/us/en/intelligent-systems/wireless-infrastructure/aes-ipsec-performance-linux-paper.html
Regards
Andreas
On 06.03.2013 09:10, Martin Willi wrote:
> Hi Victor,
>
>> How many IPsec VPN tunnels can strongswan handle?
>
> I don't have much experience with upscaling our new (5.x) IKEv1
> implementation in charon yet. However, it uses the same architecture as
> IKEv2, which can handle several ten thousand tunnels when configured
> properly.
>
>> What maximum speed rate can it handle in one tunnel or in all 50 tunnels for
>> example under Linux/FreeBSD?
>
>> I have modern Supermicro server with Xeon 3.0GHz and 4 Gig RAM
>
> I don't have much experience with FreeBSD. On Linux, by default IPsec
> processing runs on a single core only, which limits throughput to a few
> hundred MBit/s. It doesn't really matter if this is for a single or for
> 50 tunnels.
>
> If you need more, you might consider using AES-NI acceleration if
> possible, or switch to parallel crypto processing. There is a good paper
> about the parallelization work from Steffen Klassert with some numbers
> at [1].
>
> Regards
> Martin
>
> [1]http://www.strongswan.org/docs/Steffen_Klassert_Parallelizing_IPsec.pdf
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130306/a74b0ee0/attachment.bin>
More information about the Users
mailing list