Re: [Design] IPSec in 2.5 Kernel?

-----BEGIN PGP SIGNED MESSAGE----- On Thu, 20 Mar 2003, Paul Wouters wrote:

> > ad infinitum. On the other end, watch the big server setting up

My experience is similar - I've been running 1.98b w/Full OE on a production box since August of 2002. This is a pretty normal box - serves http, ftp, mysql and smtp for about 20 "customers", most of which have small websites, and one streaming mp3 service.

I usually have around 100 %pass routes, and 2-5 OE enabled clients at any given time. I've been meaning to wrap "ipsec eroute" for processing by mrtg to get some nice stats - I should get to doing that next week. System load is negligable. Pluto is using 1068k accoring to top.

I also see the major overhead being logging. Perhaps a "log only OE DNS failures" mode would minimize this.

• -- Ken Bantoft The Unoffical FreeS/WAN Site: ken(at)freeswan.ca http://www.freeswan.ca PGP Key: finger ken@bantoft.org The memory management on the PowerPC can be used to frighten small children. -- Linus Torvalds

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPnpjzliWUusaxGxpAQG7LgP/XTkTopcei8s54dE9GqIHxXu4ZDUUxLKc kPlyCiAP5JdfuIWl2fhG8++vOe/ETGECEskK1F/CihEEM2BzI35ULPVHhc/Vhyd4 AX6SwrXEkjudb5GalUaAKR/AVnMG9fg8vd5ujNMzI/vbjLoA3tTahs/t9zTOHXSM 5yh4NZldlB8=
=TPk4
-----END PGP SIGNATURE-----