Menu
▾
▴
Re: [IPCop-devel] Fwd: [Openvpn-users] OpenVPN Scalability
|
From: Mark W. <ma...@wo...> - 2008-09-30 18:20:01
|
John, When comparing OpenVPN to a simple ssl webserver in setting up and transmitting, you need to consider several things. Some of my thoughts: - First is the feasibility. 30,000 users should map to no more than 30,000 sockets with OpenVPN. While this is huge, it does not go anywhere near the 65535 limit. You may need to do some specific sysctl kernel tuning for so many open sockets (use Google). The overhead with SSL is not too high - it's more in setting up new connections than in throughput. But, you didn't state how much bandwidth you're planning for these users. The 2.0 release notes state that it should be ready for hundres of thousands of users. - Second, what do your users expect. OpenVPN is not exactly proven software for this many users, which means that you can run into any number of glitches that's yet undiscovered. Personally, I'd always go for a hardware concentrator for this many connections. The Juniper SSL VPN is often used. But, if you're determined to go the OpenVPN way, I'd get an OpenVPN coding expert involved for the first couple of months while you're scaling up. This may be cheaper than a hardware concentrator. - Third, with this many users, I'd setup for a scalability test. As SSL is mostly symmetrical, it should be possible to simulate this many users from a limited number (5?) of desktops given the right scripts. Kind regards, Mark Wormgoor john s wolter wrote: > Here's a copy of a thread that just started on the openvpn-users list > today about scaling for 30,000 users. I see two questions. The first > is about openvpn's ability to perform the setup of each tunnel. What > increments of performance are needed to perform that operation. This > question is more in the domain of openvpn's responsibilities. > > The second more important to IPCop is running such a large number of > connections at the same time. I too want a way to judge the performance > needs for a given installation. Is there any kind of software > instrumentation, profiling, or even rules of thumb that could be used to > answer performance questions? > > > ---------- Forwarded message ---------- > From: *Steven Evans* <st...@ne... > <mailto:st...@ne...>> > Date: Tue, Sep 30, 2008 at 10:59 AM > Subject: [Openvpn-users] OpenVPN Scalability > To: ope...@li... > <mailto:ope...@li...> > > > Hi guys > > I have a project coming up that is looking for a VPN solution to be > present for a large amount of concurrent users. > > There does not seem to be much documentation or discussion out there > about the maximum amount of simultaneous users connected to a single > OpenVPN server. The closest I've seen is someone saying that it is > limited on file handles. > > If I were to get a dual quad core box with lots of RAM and a big enough > link, would it be possible to get 30,000 users and more running > simultaneously on that box? Has it ever been attempted? > > -- > > Cheers, > Steve > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > <http://moblin-contest.org/redirect.php?banner_id=100&url=/> > _______________________________________________ > Openvpn-users mailing list > Ope...@li... > <mailto:Ope...@li...> > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > > > -- > John S. Wolter President > Wolter Works > Mailto:joh...@wo... <mailto:joh...@wo...> > Desk 1-734-665-1263 > Cell: 1-734-904-8433 > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > > > ------------------------------------------------------------------------ > > _______________________________________________ > IPCop-devel mailing list > IPC...@li... > https://lists.sourceforge.net/lists/listinfo/ipcop-devel |