List:       ipsec
Subject:    Re: How many spd records ?
From:       Stephen Kent <kent () bbn ! com>
Date:       2001-09-20 15:49:26

At 5:21 PM +0430 9/20/01, mahdavi wrote:
>Hi Derek.
>I did not ask about the theoretical maximum.
>I just said "Typically how many SPD records are required?".
>
>In another sentence I said "I want to have an estimation of maximum SPD
>records that an administrator may define".
>
>It is funny to think an administrator may define 2^32 firewall rules; and I
>know that.
>
>I mean regularly (on average, typically, ...) how many SPD records may
>an administrator define.
>
>Best regards
>mahdavi.
>

There is no simple answer to the question you asked.  The number of
SPD entries is a function of the local access control policy and the 
breadth of connectivity.  A company using IPsec for an intranet VPN 
might have very different SPD sizes from a company using IPsec to 
support lots of dialup road warriors or telecommuters.  In many 
instances your question is very analogous to asking what is the 
typical number of filter rules in a firewall.  I think you will find
significant variation in the answer to that question as well.

Steve
