[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    IPSec question
From:       "Russell P. Sutherland" <russ () quist ! ca>
Date:       2001-02-28 13:56:11
[Download RAW message or body]

I am about to recommend a collection of OpenBSD machines
to serve as VPN (IPSec/isakmpd) gateways for N nodes
on a WAN. In my case N ~ 50 and each node will have a T1/E1 connection
to the Internet. The network will be for all intents and purposes
fully meshed.

Given that there are some scaling problems with this type of
VPN implementation are there any performance issues with
this scale of network? I will be using Intel PIII 800 machines
at each node?

If you have any operational experience with this type of network
please let me know.

In addition, does anyone know what size/model dedicated networking
gear (e.g. Cisco) would be required  to handle this number of
VPN connections.

MPLS also is an option, but I'm not sure how mature this
technology is. Furthermore I'm not certain that all N nodes
can get connections to the same MPLS activated ISP.

-- 
Quist Consulting		Email: russ@quist.ca
219 Donlea Drive 		Voice: +1.416.696.7600
Toronto ON  M4G 2N1		Fax:   +1.416.978.6620
CANADA				WWW:   http://www.quist.ca

[prev in list] [next in list] [prev in thread] [next in thread]