|
> > We currently have a bunch of Juniper firewalls to handle
> > our VPN tunnels. We are pretty happy with them, but they
> > tend to max out at around 100-200 tunnels each because of
> > limitations in CPU performance. I would like to find a
> > good Linux alternative because I'm thinking that we should
> > be able to cram 500 tunnels onto a multi-core Xeon server
> > pretty comfortably.
>
> presumably your estimate is based on the known load for a
> given (smaller) number of tunnels?
>
It is based on known load for that number of tunnels. We have NetScreen
100 firewalls and NetScreen 500 firewalls in production. The model 100's
tend to hover around 60% CPU with active 120 active tunnels. The model
500's are running 40-50% CPU with ~200 active tunnels. Bandwidth
utilization is about 10Mbps of AES128 traffic.
> You'd need good nics with offload etc.
Fair enough.
--Eric
Disclaimer - August 10, 2011
This email and any files transmitted with it are confidential and intended
solely for LinuxVirtualServer.org users mailing list.. If you are not the named
addressee you should not disseminate, distribute, copy or alter this email. Any
views or opinions presented in this email are solely those of the author and
might not represent those of Physicians' Managed Care or Physician Select
Management. Warning: Although Physicians' Managed Care or Physician Select
Management has taken reasonable precautions to ensure no viruses are present in
this email, the company cannot accept responsibility for any loss or damage
arising from the use of this email or attachments.
This disclaimer was added by Policy Patrol: http://www.policypatrol.com/
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
