Cisco versus Xedia with a Large Internet VPN

Jose Muniz Munix-1 at PACBELL.NET
Sat Mar 11 07:08:08 EST 2000


Hi guys,

Well, I will say that it all depends;
Depends on the router if it is a 1600 or a 7000,
or a PIX?
how much RAM? and so on.
Encryption is CPU intensive and
you'll need the RAM that can handle a large number of connections
How many?
I have not played with Xedia. However, you should be able to
get the specs and figure out how much resources each connection uses,
or by doing a load test and checking your measurements, then figuring it
out won't be as bad; you will find out that lots of memory will be used.
Depends also on the frequency of the keying, so make the intervals
larger if you have to.
Also, you might want to use a fixed keying with the huge drawback of
making it much more insecure.
And by the same token pay attention to the authentication methods that
you want to use.
Using RSA signed certs, [if supported I don't know] and 1024 bit length,
I don't think it will take very well the banging of 3000 concurrent
connections.
And how scalable?  mmmmm....
To make it scalable, then you need to look for a product that is policy
config. based, and X509 certs so it does not become a nightmare to
administer all those 3000 concurrent users. So also pay attention if the
product also supports other auth methods like RADIUS or SecurID.

My point is that it is very hard for someone in Marketing to test a
VPN with 3000 concurrent connections and with random authentications to
recreate the environment and the load of what really is 3000
simultaneous connections.

Just trying to shed a bit of light..!

Jose Muniz.



Lowell Hanson wrote:
>
> Hi,
>
> Has anyone done a study, or had experience in comparing how Xedia and
> Cisco scale as the VPN reaches 3000+ nodes on the Internet? We are
> currently evaluating the two products but will only be able to set up 3
> to 4 nodes on the Internet during the demo.
>
> Thanks!
>
> Lowell
> --
> ------------------------------------------------------
> Lowell K. Hanson  Senior Consultant Phone:703-817-0627
>   mailto:lkh at dgsys.com HTTP://www2.dgsys.com/~lkh
> "We can change the world, but must begin with ourselves"
>
> VPN is sponsored by SecurityFocus.COM
