Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Q: Sizes of Existing and Planned Fully Meshed IPSEC VPN (Tunnel Mode)

  • From: Joe Rhett
  • Date: Sat Nov 03 19:57:42 2001 
> I assume "fully meshed" means each node connects to each other
> node, so each node has 109 tunnels (110 total).
> I also assume "Cisco IPSEC based VPN" means IPsec (rfc 2401/2411/etc.)
> and not MPLS-only.
> 
> In that case, 120 is not 'large' according to the vendor
> community -- 'large' starts at around 5000 tunnels.  I suspect that,
> in nature (or in the land of the Nanogians) that under 1000 is
> more like a 'large' one.
 
Hardly. Until the very latest T-code releases, there was a hard limit of
200 on the number of open SAs any IPSec router could have open. 200 routers
talking fully meshed is impossible, nevermind 5000. If communications are
opened in 2 directions, 100 routers with a single access-list entry
identifying the other site was the max.

-- 
Joe Rhett                                                      Chief Geek
JRhett@ISite.Net                                      ISite Services, Inc.


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.