Cisco versus Xedia with a Large Internet VPN

Ryan McBride mcbride at COUNTERSIEGE.COM
Sun Mar 12 22:34:53 EST 2000


The Xedia (which is now the Lucent Access Point 1000, btw.) _does_ do
X.509 certificates and is policy configurable, as well as RADIUS, etc.
authentication. If you're scaling it up to 3000+ VPNs you'll probably
need the full 256MB of RAM, as well as at least 1 encryption acceleration
card, perhaps two depending on data throughput. And you can always buy a
second one :-)

-Ryan


On Sat, 11 Mar 2000, Jose Muniz wrote:
> Hi guys,
>
> Well, I will say that it all depends; depends on the router, if it is a
> 1600 or a 7000, or a PIX? How much RAM? And so on. Encryption is CPU
> intensive and you'll need the RAM that can handle a large number of
> connections. How many? I have not played with Xedia. However, you should
> be able to get the specs and figure out how much resources each
> connection uses, or by doing a load test and checking your measurements
> then figuring it out won't be as bad; you will find out that lots of
> memory will be used. Depends also on the frequency of the keying, so
> make the intervals larger if you have to. Also, you might want to use
> a fixed keying with the huge drawback of making it much more insecure.
> And by the same token pay attention to the authentication methods that
> you want to use. Using RSA signed certs, [if supported I don't know]
> and 1024 bit length, I don't think it will take very well the banging
> of 3000 concurrent connections. And how scalable?  mmmmm.... To make it
> scalable, then you need to look for a product that is policy config.
> based, and X509 certs so it does not become a nightmare to administer all
> those 3000 concurrent users. So also pay attention if the product also
> supports other auth methods like RADIUS or SecurID.
>
> My point is that it is very hard for someone in Marketing to test a
> VPN with 3000 concurrent connections and with random authentications to
> recreate the environment and the load of what really is 3000
> simultaneous connections.
>
> Just trying to shed a bit of light..!
>
> Jose Muniz.
>
>
>
> Lowell Hanson wrote:
> >
> > Hi,
> >
> > Has anyone done a study, or had experience in comparing how Xedia and
> > Cisco scale as the VPN reaches 3000+ nodes on the Internet? We are
> > currently evaluating the two products but will only be able to set up 3
> > to 4 nodes on the Internet during the demo.
> >
> > Thanks!
> >
> > Lowell
> > --
> > ------------------------------------------------------
> > Lowell K. Hanson  Senior Consultant Phone:703-817-0627
> >   mailto:lkh at dgsys.com HTTP://www2.dgsys.com/~lkh
> > "We can change the world, but must begin with ourselves"
> >
> > VPN is sponsored by SecurityFocus.COM

--
Ryan McBride - mcbride at countersiege.com
Systems Security Consultant
Countersiege Systems Corporation - http://www.countersiege.com
