Hi,
Some examples using this estimation method:
Type: T3 or E3
MBit/s: 45
Estimate Mbit*25: 1125 MHz
Minimum IPSEC gateway: 1200
Minimum with other load (e.g. firewall): 1500+
--------------------
So a 2GHz Machine should en/decrypt something like 50MBit - a dual
This is the upper limit and only valid if your machine does nothing
else ;) I reckon you would like to log the stuff too, but your scheduler
will never give your user space process any time to run? Sure, you get
50Mbit/s but can't log anymore nor can you log in within a reasonable
timeframe to fix the damn thing if it stands somewhere in a data center
in the middle of nowhere. Now, assume you have more than one NIC and you
might get into interrupt mitigation problems, early drop because of
receive queue saturation and another IRQ related thing -> 5Mbit drop
dead. To make the whole story really interesting, let's assume you put
2000 iptables entries onto your packetfilter and -> you're down at
25Mbit/s. It's real, it's in my lab and I don't like it :)
And as I understand their calculations, it's 50Mbit/s with MTU packets.
Xeons help but are bloody expensive.
machine a little bit more (I know it's not multithreaded, but
firewalling etc could be done on the other CPU). So we have 5
megabytes/sec.
SMP does not necessarily give a speedup. Only when you have per-CPU L1 and
L2 cache. If this is not the case, you have an L1 refill/flush problem.
I'm currently working on a benchmark test which seems to clearly reflect
such problems. I just blindly draw the conclusion that for IPsec it must
be equivalent.
One Machine would spoil the scalability.
What do you mean by that?
Cheers,
Roberto Nibali, ratz