[Swan] Maximum number of IPSec Tunnels

Paul Wouters paul at nohats.ca
Tue Nov 24 16:05:20 UTC 2015


On Fri, 20 Nov 2015, Rohan Shethia wrote:

> I wanted to know what is the maximum number of IPSec tunnels supported by Libreswan.

The number of tunnels does not matter. IKE packets happen once an hour
per tunnel. The real CPU usage is the actual encrypted traffic, so
that is the only maximum you will hit.

And that partially depends on hardware and partially on cipher
selection of ESP. If you have AESNI hardware and use aes_gcm, we
have pushed 5.25 Gbits/sec for a single IPsec SA (when having multiple
tunnels, it should get better because different SAs run on different
CPUs). Note that the NIC hardware and tuning also matter a lot.

See https://libreswan.org/wiki/Benchmarking_and_Performance_testing

Paul

