Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] [OT] High Performance Linux Firewall / VPN Device?
From: Michael Schwartzkopff <misch@xxxxxxxxxxxxxxxxx>
Date: Wed, 10 Aug 2011 06:24:32 +0200
> This is admittedly off topic, but it also seems like a good place to ask
> the question. We currently have a bunch of Juniper firewalls to handle
> our VPN tunnels. We are pretty happy with them, but they tend to max out
> at around 100-200 tunnels each because of limitations in CPU
> performance. I would like to find a good Linux alternative because I'm
> thinking that we should be able to cram 500 tunnels onto a multi-core
> Xeon server pretty comfortably. Does anyone know a good Linux-based
> firewall/VPN solution? I've Googled, but mostly I just see references to
> OpenSWAN and SmoothWall. That would probably be fine if I could find
> some case studies where people used those tools in high-load
> environments.
> Eric Robinson


I think you get the best throughput with OpenSWAN because IPsec uses symmetric 
ciphers like AES. A quite old performance estimation link is:

The basic maths still is true.

With new crypto acceleration hardware support compiled into the kernel you 
should be able to saturate a 1 GBit/s line with a decent Linux machine. See:



Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
Fax: (089) 620 304 13

Attachment: signature.asc
Description: This is a digitally signed message part.

Please read the documentation before posting - it's available at: mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to
<Prev in Thread] Current Thread [Next in Thread>