> This is admittedly off topic, but it also seems like a good place to ask
> the question. We currently have a bunch of Juniper firewalls to handle
> our VPN tunnels. We are pretty happy with them, but they tend to max out
> at around 100-200 tunnels each because of limitations in CPU
> performance. I would like to find a good Linux alternative because I'm
> thinking that we should be able to cram 500 tunnels onto a multi-core
> Xeon server pretty comfortably. Does anyone know a good Linux-based
> firewall/VPN solution? I've Googled, but mostly I just see references to
> OpenSWAN and SmoothWall. That would probably be fine if I could find
> some case studies where people used those tools in high-load
> environments.
>
> Eric Robinson

Hi,

I think you get the best throughput with OpenSWAN because IPsec uses symmetric ciphers like AES. A quite old performance estimation link is:
http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/performance.html

The basic maths still is true. With new crypto acceleration hardware support compiled into the kernel you should be able to saturate a 1 GBit/s line with a decent Linux machine. See:
http://lwn.net/Articles/269327/

Greetings,

--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0163) 172 50 98
Fax: (089) 620 304 13
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-requ...@linuxvirtualserver.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users