[strongSwan] [strongSwan-dev] strongswan performance
andreas.steffen at strongswan.org
Wed Mar 6 10:03:44 CET 2013
have a look at Intel's 2010 whitepaper on AES-NI IPsec performance:
On 06.03.2013 09:10, Martin Willi wrote:
> Hi Victor,
>> How many IPsec VPN tunnels can strongswan handle?
> I don't have much experience with upscaling our new (5.x) IKEv1
> implementation in charon yet. However, it uses the same architecture as
> IKEv2, which can handle several ten thousand tunnels when configured
>> What maximum speed rate can it handle in one tunnel or in all 50 tunnels for
>> example under Linux/FreeBSD?
>> I have modern Supermicro server with Xeon 3.0GHz and 4 Gig RAM
> I don't have much experience with FreeBSD. On Linux, by default IPsec
> processing runs on a single core only, which limits throughput to a few
> hundred MBit/s. It doesn't really matter if this is for a single or for
> 50 tunnels.
> If you need more, you might consider using AES-NI acceleration if
> possible, or switch to parallel crypto processing. There is a good paper
> about the parallelization work from Steffen Klassert with some numbers
> at .
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users