[c-nsp] How to terminate 100.000 IPsec VPN clients?
Florian Bauhaus
f.bauhaus at portrix-systems.de
Mon Sep 5 04:40:30 EDT 2011
On 09/02/11 22:25, Alexander Clouter wrote:
> Florian Bauhaus <f.bauhaus at portrix-systems.de> wrote:
>>
>> What would be the best way to terminate 100k IPsec VPN clients?
>>
> I probably would not skin this cat with Cisco, but with Linux.
>
> Find something embedded-esque box with a crypto accelerator; such as:
>
> http://www.globalscaletechnologies.com/p-35-openrd-ultimate.aspx
>
> IIRC I tested an OpenRD ultimate to 70MB/s with AES/MD5...not bad for
> ~$250, using 11W of electricity and takes up the space of a hardback
> book.
>
> Then the rest is strongSwan and a pile of scripting templates; or
> backend RADIUS whatnot.
>
> We (a small-medium sized UK university) use these OpenRD's for lots of
> things at work (RADIUS, syslog, DNS, etc).
Sounds really nice to me but I can't sell that to our customer. We need
some off the shelf hardware with support contracts.
Florian
More information about the cisco-nsp
mailing list