[vpn] metrics for vpn sessions

Christopher Gripp cgripp at axcelerant.com
Tue Mar 26 20:18:48 EST 2002


Another point I forgot to mention is the definition of the term 'tunnel'.  A year or two ago I would see vendors refer to this but it was misleading because each VPN Endpoint is comprised of 2 such 'tunnels'.  1 for Key Exchange and 1 for the encrypted data stream.  So when XYZ vendor would say 10,000 simultaneous tunnels it was in reality 5000 VPN endpoints.

The other thing I see is 'users'.  This is actually a limit on the number of IP addresses that can concurrently have sessions through the VPN device.  A perfect example is the NetScreen 5XP.  It is limited to 10 IPs.  However, for an additional sum of money you can unlock that feature and get what they call an ELITE license.

Generally speaking, though, the limits on SAs, TCP/UDP sessions, policy numbers, routes, etc. are memory issues.



Christopher Gripp 
Systems Engineer 
Axcelerant

"Impartiality is a pompous name for indifference, which is an elegant name for ignorance."  G.K. Chesterton

> -----Original Message-----
> From: Christopher Gripp 
> Sent: Tuesday, March 26, 2002 4:20 PM
> To: Phil McGarr; vpn at securityfocus.com
> Subject: RE: [vpn] metrics for vpn sessions 
> 
> 
> The number of tunnels isn't necessarily limited by the 
> bandwidth.  However, as with ANY network service, bandwidth 
> is going to impact the performance of those services.
> 
> Yes.  Some VPN companies limit the # of tunnels, although I 
> wouldn't necessarily say arbitrarily, so they can sell 
> upgraded versions.
> 
> 
> 
> Christopher Gripp 
> Systems Engineer 
> Axcelerant
> 
> "Impartiality is a pompous name for indifference, which is an 
> elegant name for ignorance."  G.K. Chesterton
> 
> > -----Original Message-----
> > From: Phil McGarr [mailto:phil at vpnlabs.org]
> > Sent: Tuesday, March 26, 2002 3:46 PM
> > To: vpn at securityfocus.com
> > Subject: [vpn] metrics for vpn sessions 
> > 
> > 
> > Greetings,
> > 
> > I've been asked the following question:
> > What metrics are companies using when they say "1,000 concurrent VPN
> > tunnels?"
> > 
> > This spawned some of my own questions:
> > Is the number of concurrent tunnels possible limited by bandwidth to the VPN
> > server rather than some algorithmic restriction?
> > Are VPN companies arbitrarily restricting the number of tunnels so that they
> > can sell upgraded versions when people need to allow more users onto their
> > VPN network?
> > 
> > Any help?
> > 
> > tia,
> > 
> > Phil
> > 
> > Phil McGarr
> > VPN Labs
> > http://www.vpnlabs.org/
> > 
> > 
> > VPN is sponsored by SecurityFocus.com
> > 
> > 