[vpn] metrics for vpn sessions

Phil McGarr phil at vpnlabs.org
Tue Mar 26 20:11:04 EST 2002


Sandy,
I'm very interested, along with our readers ;>, to learn about the
possibility of doubling throughput by running AES rather than 3DES.
If you have more resources I'd really like to take a look at them.

thanks,
Phil

Phil McGarr
VPN Labs
http://www.vpnlabs.org/


-----Original Message-----
From: Sandy Harris [mailto:sandy at storm.ca]
Sent: Tuesday, March 26, 2002 7:16 PM
To: Phil McGarr
Cc: vpn at securityfocus.com
Subject: Re: [vpn] metrics for vpn sessions


Phil McGarr wrote:
>
> Greetings,
>
> I've been asked the following question:
> What metrics are companies using when the say "1,000 concurrent VPN
> tunnels?"
>
> This spawned some of my own questions:
> Is the number of concurrent tunnels possible limited by bandwidth to the
VPN
> server rather than some algorithmic restriction?
> Are VPN companies arbitrarily restricting the number of tunnels so that
they
> can sell upgraded versions when people need to allow more users onto their
> VPN network?
>

I'm not sure it'll be much help, but there's some related info
and a bunch of links at:
http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/performance.html

Ask off-list and I can send you a more current version.

The only important change is a link to some user benchmarks indicating
that replacing 3DES with AES roughly doubles IPsec throughput. These
are preliminary results; we don't yet have enough data to be precise
or confident about this.

VPN is sponsored by SecurityFocus.com


VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list