[nsp] NPE-G1 and 50,000 l2tp sessions???

Michael Dods mdods at connect.com.au
Wed Jan 28 23:57:33 EST 2004


Martin,
Fragmentation will be your main issue. Aim for a CPE MTU of 1400 (MSS 1360)
to cater for SSL/VPN/L2TP.  TCP traffic can be manipulated by Adjust-MSS, which
accounts for most of the traffic. Can't do much about UDP apart from educating the
end users. DR.TCP is helpful.

The G1 will handle in reality about 8000 sessions.

Run 12.2T or 12.3 for some of these features...and stability.

Also use:
CEF, vpdn ip udp ignore checksum, ppp mtu adaptive.

Forget changing the MTU on the virtual-template, most Windows OS (except XP)
ignore the advertised MRU anyway and will break them. Windows relies on PMTUD instead.
Better to accept whatever the client advertises then manipulate the TCP stream on the
fly. It has a lower CPU overhead than fragmenting packets.
My G1 has over 4600 sessions and 35% 5min CPU.

BTW, 50,000 sessions still won't fit onto several G1s well. Suggest either the 10K PRE2
or front-end a swag of G1s with a 7600SLB.

Cheers,
Michael
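
The on-the-fly TCP manipulation described in the message above (MSS clamping to 1360), as an added Python illustration that is not part of the original post and is not Cisco's implementation. The function names and the constructed sample SYN are assumptions made for the example.

```python
import struct

def csum16(data: bytes) -> int:
    """Internet checksum (RFC 1071) over data, zero-padded to 16 bits."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp: bytes, max_mss: int = 1360) -> bytes:
    """Lower the MSS option of a TCP SYN to max_mss, patching the checksum."""
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= hdr_len <= len(tcp) or not tcp[13] & 0x02:
        return tcp                               # malformed, or not a SYN
    i = 20
    while i + 1 < hdr_len and tcp[i] != 0:       # kind 0 = end of options
        if tcp[i] == 1:                          # kind 1 = NOP, single byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:   # malformed option, stop
            return tcp
        if tcp[i] == 2 and length == 4:          # kind 2 = MSS
            if struct.unpack_from("!H", tcp, i + 2)[0] <= max_mss:
                return tcp                       # already small enough
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, max_mss)
            # RFC 1624 incremental update over the aligned words that changed
            # (the option value is unaligned when an odd number of NOPs precede it)
            s = ~struct.unpack_from("!H", tcp, 16)[0] & 0xFFFF
            for off in range((i + 2) & ~1, (i + 5) & ~1, 2):
                old, new = tcp[off:off + 2], bytes(out[off:off + 2])
                s += (~int.from_bytes(old, "big") & 0xFFFF) + int.from_bytes(new, "big")
            while s >> 16:
                s = (s & 0xFFFF) + (s >> 16)
            struct.pack_into("!H", out, 16, ~s & 0xFFFF)
            return bytes(out)
        i += length
    return tcp

def build_syn(mss: int, pseudo: bytes, lead_nop: bool = False) -> bytes:
    """Constructed sample SYN with a valid checksum (ports/seq are arbitrary)."""
    opts = (b"\x01" if lead_nop else b"") + struct.pack("!BBH", 2, 4, mss)
    opts += b"\x01" * (-len(opts) % 4)           # pad options with NOPs
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      ((20 + len(opts)) // 4) << 4, 0x02, 65535, 0, 0) + opts
    return hdr[:16] + struct.pack("!H", csum16(pseudo + hdr)) + hdr[18:]
```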