Fwd: Q: Sizes of Existing and Planned Fully Meshed IPSEC VPN (Tunnel Mode)

[Rodney Thayer <rodney () tillerman to>]

I assume "fully meshed" means each node connects to each other
node, so each node has 109 tunnels (110 total).
I also assume "Cisco IPSEC based VPN" means IPsec (rfc 2401/2411/etc.)
and not MPLS-only.

In that case, 120 is not 'large' according to the vendor
community -- 'large' starts at around 5000 tunnels.  I suspect that,
in nature (or in the land of the Nanogians) that under 1000 is
more like a 'large' one.

On the other hand, drop one box with 119 tunnels set up and
restart it and time how long it takes to re-initiate all 119
tunnels, and you may very well be unhappy.

> From: "Tim Bass" <bass () silkroad com>

> We have a Cisco IPSEC based VPN with over 110 edge routers
> in a full tunnel-mode mesh, mostly 'big hunking routers' with
> average CPU utilization under 15 percent.     The VPN is
> controlled by a single organization, under centralized admin.