North American Network Operators Group


Fwd: Q: Sizes of Existing and Planned Fully Meshed IPSEC VPN (Tunnel Mode)

  • From: Rodney Thayer
  • Date: Tue Oct 23 20:00:27 2001

I assume "fully meshed" means each node connects to each other
node, so each node has 109 tunnels (110 total).
I also assume "Cisco IPSEC based VPN" means IPsec (RFC 2401/2411/etc.)
and not MPLS-only.

In that case, 120 is not 'large' according to the vendor
community -- 'large' starts at around 5000 tunnels.  I suspect that,
in nature (or in the land of the Nanogians), under 1000 is
more like a 'large' one.

On the other hand, drop one box with 119 tunnels set up and
restart it and time how long it takes to re-initiate all 119
tunnels, and you may very well be unhappy.

From: "Tim Bass" <[email protected]>

We have a Cisco IPSEC based VPN with over 110 edge routers
in a full tunnel-mode mesh, mostly 'big hunking routers' with
average CPU utilization under 15 percent.  The VPN is
controlled by a single organization, under centralized admin.