VPN labs is an open community for researching, testing, reviewing, and discussing Virtual Private Networks. Get trusted, unbiased advice on just about everything related to VPN. VPN Labs - VIRTUAL PRIVATE NETWORKS - Free VPN Software and Virtual Private Network News.

ranjeet_barve | Member since: 2002-03-26 00:30:09 | posted: 2002-03-26 00:45:26
Concurrent Tunneling in VPNs
----------
"VPN allows up to 10,000 concurrent tunnels."

Above is a common phrase found in many technical manuals of networking companies.

Please could you define the meaning of a "Concurrent Tunnel"? What does it mean when one opens 10,000 Concurrent Tunnels? Is one referring to opening 10,000 parallel Tunnels or 10,000 simultaneous connections?

Please could you specify a standard metric followed by companies in calculating the number of concurrent tunnels supported. (The above question is with respect to IPsec based VPN Tunnels.)

Please help me find an answer.

phildom | Member since: 2001-11-20 10:00:00 | posted: 2002-03-26 01:10:53
Concurrent Tunneling in VPNs
----------
10,000 Concurrent VPN tunnels mean that 10,000 users can theoretically access the network via the VPN simultaneously.

I.e., Joe, Randy, Sue, Martha ... employee 10,000 can all access the network at the same time.

Does this clarify?

ranjeet_barve | Member since: 2002-03-26 00:30:09 | posted: 2002-03-26 02:39:49
Re: Concurrent Tunneling in VPNs
----------
Thanx Phildom,

Please could you specify a standard metric followed by companies in calculating the number of concurrent tunnels supported. I.e., what are the standard parameters which decide the number of Concurrent Tunnels a VPN supports? How does a manufacturer derive a conclusion that his VPN product supports 10,000 tunnels?

Let's suppose that our IPsec performance is 250 MBit/s. Does this help in deriving the number of Concurrent Tunnels supported?

Thanx,
Ranjeet.

phildom | Member since: 2001-11-20 10:00:00 | posted: 2002-03-26 17:52:33
Concurrent tunneling in VPNs
----------
I believe that the bottleneck will first occur in bandwidth rather than in the number of concurrent tunnels. As far as I know, there is no reason other than bandwidth and processing power of the VPN server to restrict the number of concurrent VPN tunnels. You'll notice if you use a Linux or OpenBSD "home made" VPN solution, there are no specified restrictions when it comes to concurrent VPN tunnels. However, your network and VPN concentrator will quickly get bogged down if you have 100 people or 1000 people trying to initiate VPN tunnels and your only connection is a 1.5 Mbit DSL line. Does this make sense?

I've also asked some colleagues for their opinion so when I get a response, I'll get back to you.

cheers,
Phil

ranjeet_barve | Member since: 2002-03-26 00:30:09 | posted: 2002-03-31 22:07:45
Re: Concurrent Tunneling in VPNs
----------
Thanx Phil for the reply,

I agree with you that the bandwidth available will always be a bottleneck when it comes to supporting a specified number of concurrent tunnels. At present, with the information that I have gathered, I don't think there is any standard methodology followed by companies in finding out the ideal number of Concurrent Tunnels supported (assuming that Bandwidth is not the limiting factor). I think most of the companies talk about the ideal case where they assume infinite bandwidth.

This is what I found on a site.

"Concurrent VPN Tunnels specifications refer to the total number VPN tunnels that can be maintained between a single VPN gateway and peer VPN devices. Peer devices may include either remote access VPN clients or VPN gateways. This number is dependent upon the amount of memory available in the VPN appliance or server. A VPN-1/FireWall-1 system with 512 MB of memory can support up to 20,000 tunnels. Keep in mind, however, that since each tunnel consumes a certain amount of bandwidth, throughput limits may be reached before concurrent VPN tunnel limits. For example, if each tunnel consumes an average of 10 Kbps, 10,000 tunnels require 100 Mbps of network bandwidth."

I suppose here they are referring to the number of bi-directional SAs that can be stored in the 512Mb of memory to be the limiting factor for the # of Concurrent Tunnels.

Please let me know your opinion??

Regards,
Ranjeet.
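
Added example, not part of the thread or of any vendor's sizing method: a small capacity model that combines the figures quoted above (512 MB for 20,000 tunnels, 10 Kbps per tunnel, 250 Mbit/s IPsec throughput, a 1.5 Mbit DSL line) and reports which resource caps the tunnel count first. The linear memory scaling, the `Gateway` fields and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Reference point quoted in the thread: 512 MB of memory -> up to 20,000 tunnels.
# Assumption: tunnel (SA) state scales linearly with memory.
REF_MEM_MB, REF_TUNNELS = 512, 20_000


@dataclass
class Gateway:
    mem_mb: int      # memory available for tunnel state
    crypto_bps: int  # IPsec (encrypt/decrypt) throughput of the box
    uplink_bps: int  # capacity of the network link in front of it


def memory_limit(gw: Gateway) -> int:
    """Tunnels that fit in memory, extrapolated from the quoted data point."""
    return gw.mem_mb * REF_TUNNELS // REF_MEM_MB


def limits(gw: Gateway, avg_tunnel_bps: int) -> dict:
    """Ceiling on concurrently *usable* tunnels imposed by each resource."""
    return {
        "memory": memory_limit(gw),
        "crypto": gw.crypto_bps // avg_tunnel_bps,
        "uplink": gw.uplink_bps // avg_tunnel_bps,
    }


def usable_tunnels(gw: Gateway, avg_tunnel_bps: int) -> tuple:
    """Return (tunnel count, name of the binding resource)."""
    lim = limits(gw, avg_tunnel_bps)
    binding = min(lim, key=lim.get)
    return lim[binding], binding


def crossover_bps(gw: Gateway) -> float:
    """Average per-tunnel rate above which bandwidth binds before memory."""
    return min(gw.crypto_bps, gw.uplink_bps) / memory_limit(gw)


if __name__ == "__main__":
    # Constructed scenarios; the 1 Gbit/s uplink is an assumed "not the bottleneck" link.
    scenarios = {
        "250 Mbit/s IPsec, fast uplink": Gateway(512, 250_000_000, 1_000_000_000),
        "same box behind 1.5 Mbit DSL": Gateway(512, 250_000_000, 1_500_000),
    }
    for label, gw in scenarios.items():
        count, binding = usable_tunnels(gw, 10_000)  # 10 Kbps average per tunnel
        print(f"{label}: {count} tunnels, limited by {binding}; "
              f"bandwidth binds above {crossover_bps(gw):.0f} bps per tunnel")
```

A datasheet's "concurrent tunnels" figure corresponds to the memory limit alone; the other two limits depend on the traffic each tunnel actually carries.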