[c-nsp] How to terminate 100.000 IPsec VPN clients?
Alexander Clouter
alex at digriz.org.uk
Fri Sep 2 16:25:22 EDT 2011
Florian Bauhaus <f.bauhaus at portrix-systems.de> wrote:
>
> What would be the best way to terminate 100k IPsec VPN clients?
>
I probably would not skin this cat with Cisco, but with Linux.
Find some embedded-esque box with a crypto accelerator, such as:
http://www.globalscaletechnologies.com/p-35-openrd-ultimate.aspx
IIRC I tested an OpenRD ultimate to 70MB/s with AES/MD5...not bad for
~$250, using 11W of electricity and takes up the space of a hardback
book.
Then the rest is strongSwan and a pile of scripting templates; or
backend RADIUS whatnot.
We (a small-medium sized UK university) use these OpenRDs for lots of
things at work (RADIUS, syslog, DNS, etc).
> I already have a few ideas on how to do this, but I would like to know if
> someone else has experience with this and could help me out a bit.
>
I would be keen to help out, but then it depends on the objectives of
the project.
Cheers
--
Alexander Clouter
.sigmonster says: BOFH excuse #105:
UPS interrupted the server's power