Re: [nmrg] Re: nmrgScalability of Netconf

[Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>]

On Tue, Jul 05, 2005 at 09:04:58AM -0700, Wes Hardaker wrote:

> I'd expect the limiting fact in that to be the memory not the CPU
> speed.  Machines of that caliber can handle huge numbers of web
> connections without blinking much.  The number of TCP connections
> won't be the limiting factor at all, I don't think.  The CPU speed
> will certainly be affected by the continuous stream of cryptographic
> connections, but unless you're doing something like using multiple
> clients connecting at once you have no way to be sure that the server
> is not the limiting factor there and not your client.

I totally agree - but we continue to hear stories of boxes dying with
slightly more than a dozen IPsec associations. And I do know from
experience that some OSes are not as scalable as some other OSes. 
Some OSes are rather good these days in dynamically allocating TCP 
control blocks and process table entries when needed. In the not
so good old days, these things often had static limits you could
run into. But this is mostly history now.

I am actually not even sure memory is the issue - filling 512 MB (or
you can easily and cheaply get 1GB or more these days) with ssh state
data also requires rather poor implementations (like my stupid script 
for example).

/js

-- 
Juergen Schoenwaelder		    International University Bremen
<http://www.eecs.iu-bremen.de/>	    P.O. Box 750 561, 28725 Bremen, Germany

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>