[c-nsp] How to terminate 100.000 IPsec VPN clients?

[Arie Vayner (avayner)]

Just to explain, as I got an offline comment...

I am proposing 2 different solutions:
- ASR1K can be used for IPSec termination
- A load balancer can be used to scale the solution and use multiple IP
Sec servers.

Other "IP Sec" servers types (ASA etc) can be used...

Arie

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Arie Vayner
(avayner)
Sent: Sunday, September 04, 2011 14:39
To: Florian Bauhaus; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] How to terminate 100.000 IPsec VPN clients?

Another option could be an ASR1K which can do quite a lot of IPSec.
I would most likely have looked into using a load balancer to load share
between multiple "servers", and just add more IPSec nodes as the scale
would require...

Arie

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Florian Bauhaus
Sent: Friday, September 02, 2011 16:55
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] How to terminate 100.000 IPsec VPN clients?

Hello,

What would be the best way to terminate 100k IPsec VPN clients?

Use a 6500/7600 with appropriate modules? Put 10 ASA5580-20 in a rack?
How to manage the whole thing?
The clients won't make a lot of traffic so throughput isn't really a
matter.

I already got a few ideas on how to do this but I would like to know if
someone else got experience with this and could help me out a bit.


Best regards,
Florian
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/