John P. Looney wrote:
> Your main bottleneck will be in the amount of data that your average CPU
> can {de,en}crypt. Something like a 2Ghz chip should be able to encrypt a
> little over a megabyte a second, with a good tail wind. You would be
> better advised to use one box, with hardware FreeS/Wan acceleration
> instead.

I was starting from a different point:
from
http://www.freeswan.org/freeswan_trees/freeswan-1.94/doc/performance.html#perf.estimate
(layout changed):
--------------------
...
so we suggest using C * 25 to get an estimate with a bit of a built-in
safety factor.
...
Some examples using this estimation method:
Type: T3 or E3
MBit/s: 45
Estimate
Mbit*25: 1125 MHz
Minimum IPSEC gateway: 1200
Minimum with other load (e.g. firewall): 1500+
--------------------
So a 2GHz Machine should en/decrypt something like 50MBit - a dual
machine a little bit more (I know it's not multithreaded, but
firewalling etc could be done on the other CPU). So we have 5 megabytes/sec.
One Machine would spoil the scalability.

> There were some rumours of Intel doing drivers for the secure versions of
> the eepro100 chips (which I think some PowerEdges support), but they
> certainly never released it. Check out the FreeS/WAN website for more
> details on what hardware is supported.

Thanks, I already checked it, but there seems to be not very much HW
support (ok - one card may be enough). I also heard of the mysterious
support for eepro100 (the s Version), which would be very interesting to
us, because we have a couple of these cards lying around...
Henrik.