
Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?
From: Joseph Mack NA3T <jmack@xxxxxxxx>
Date: Tue, 9 Aug 2011 17:35:11 -0700 (PDT)

On Tue, 9 Aug 2011, Robinson, Eric wrote:

> This is admittedly off topic,

close enough and it's an interesting problem

> but it also seems like a good place to ask the question. 
> We currently have a bunch of Juniper firewalls to handle 
> our VPN tunnels. We are pretty happy with them, but they 
> tend to max out at around 100-200 tunnels each because of 
> limitations in CPU performance. I would like to find a 
> good Linux alternative because I'm thinking that we should 
> be able to cram 500 tunnels onto a multi-core Xeon server 
> pretty comfortably.

presumably your estimate is based on the known load for a 
given (smaller) number of tunnels?

You'd need good nics with offload etc.

> Does anyone know a good Linux-based firewall/VPN solution? 
> I've Googled, but mostly I just see references to OpenSWAN 
> and SmoothWall. That would probably be fine if I could 
> find some case studies where people used those tools in 
> high-load environments.

as for this project, developers usually don't have a setup 
they can test at full bore and rely on users to let them 
know what they get.

a quick search with Google doesn't show anything useful for 
Smoothwall performance, which is not good for a product 
that's been out for 10-12 years. I expect someone would have 
flogged the box of the day (400MHz Pentium say) with 
increasing numbers of connections till the machine froze. 
Someone has tested the max throughput for one connection ;-\

I remember trying to set up OpenSWAN about 10yrs ago and 
giving up. It was too complex.

There's another Linux VPN which also was horrific to set up, 
and I can't remember its name. I thought it might be 
OpenVPN, but on going to that webpage, it looks like a 
glitz-soaked commercial product.

No wonder Juniper has the market cornered

Hope you find something.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
