nanog mailing list archives
Re: Gig Throughput on IPSEC
From: Joakim Aronius <joakim () aronius com>
Date: Thu, 12 Nov 2009 08:46:41 +0100
* Truman Boyes (truman () suspicious org) wrote:
an SRX 3400/3600 you can scale up the performance of IPSEC VPN throughput with additional SPCs. You should be able to scale to over 6Gbps of IPSEC with enough SPCs. Truman
Yes, the SRX line of products is the most future-proof way to go. I had a meeting with Juniper technical sales a short while ago and they also stated that "performace figures of the SRX is more in line what you get in real deployments" (compared to the ISG and NS marketing material which have IPsec throughput figures which you probably not will see in the field, same as most vendors). In the ISG and NS series you also need to be aware on capacity limitations in the cards and the backplane. ...and as no one else has commented on L2 security devices I assume that there is not many products for this (IEEE 802.1AE MAC Security). But on the other hand I suppose that there is mostly L3 people on this list and that the Metro Ethernet folks hangs elsewhere.. (I would go for IPsec.) Cheers, /Joakim
Current thread:
- Gig Throughput on IPSEC adel (Nov 11)
- Re: Gig Throughput on IPSEC Brad Fleming (Nov 11)
- Re: Gig Throughput on IPSEC Truman Boyes (Nov 11)
- Re: Gig Throughput on IPSEC Joakim Aronius (Nov 11)
- Re: Gig Throughput on IPSEC Truman Boyes (Nov 11)
- <Possible follow-ups>
- Re: Gig Throughput on IPSEC adel (Nov 11)
- Re: Gig Throughput on IPSEC Jian Gu (Nov 11)
- Re: Gig Throughput on IPSEC Florian Weimer (Nov 12)
- Re: Gig Throughput on IPSEC Brad Fleming (Nov 11)