[Openswan dev] Small optimisation for lots of interfaces
Ken Bantoft
ken at xelerance.com
Thu Nov 24 23:24:33 CET 2005
On Thu, 24 Nov 2005, David McCullough wrote:
> Jivin Michael Richardson lays it down ...
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>>>>>> "David" == David McCullough <davidm at snapgear.com> writes:
>> David> counts using OpenSwan. I have run over 1000 simple tunnels
>> David> between two hosts using freeswan (ie., single SA for all
>> David> tunnels), but pluto seems to get unstable with much over 200
>> David> truly independent tunnels. Has anyone else had this
>> David> experience?
>>
>> Define "unstable".
>
> Using simple tunnels (i.e., same two hosts, same secret, lots of networks)
> I have seen the following: pluto silently exits sometime between 1000 and
> 2000 tunnels. I cannot remember if I saw it crash or not in this
> scenario. Each tunnel was exercised as it came up to ensure data would
> pass through ok.
Just finishing bringing up 5080 tunnels (/32 to /32's). Certainly took
awhile, but they connected up okay. They were between 2 hosts, so shared
the same ISAKMP SA. Also didn't test traffic, as I didn't have a spare
box to throw in my basement, and nor could I get one in place today at the
colo (1 peer in Toronto on DSL, one in Amsterdam @ xs4all).
> Unfortunately the other developer who was testing a true star topology
> is out today so I could not confirm the details. But IIRC, somewhere
> around 300 truly different tunnels (different hosts/secrets/certs) pluto
> would either crash or exit (not sure which).
I'm going to see if I can do something better next month to generate more
variants on the connections.
Ken