Re: nmrgScalability of Netconf

[Wes Hardaker <wes@hardakers.net>]

>>>>> On Tue, 5 Jul 2005 19:00:32 +0200, Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de> said:

Juergen> I totally agree - but we continue to hear stories of boxes
Juergen> dying with slightly more than a dozen IPsec associations.

FYI, these are figures showing the number of IPsec SAs that a linux
box handled a number of years ago (I forget the CPU speed of the
laptop, but it had about 512Mb of memory). The IPsec stack was NISTs
running on a 2.4 kernel.

http://sbsm.hardakers.net/sadb-insert.png
http://sbsm.hardakers.net/sadb-speed.png

In short, just the creation of SAs (and these were manually created,
not via IKE) didn't affect much till you got out into the >10000
range.

(sorry about the fuzzy pictures...  converted quickly from postscript)

-- 
Wes Hardaker
Sparta, Inc.


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>