OoO La nuit ayant dij` recouvert d'encre ce jour du jeudi 10 ao{t
2006, vers 23:10, Joachim Schipper <j.schipper@math.uu.nl> disait:

> What problem do you want to solve? I already mentioned that the
> performance saving of on-demand start is negligible, if not negative;
> and I've heard tales of OpenBSD systems handling 20 or even 50 tunnels
> just fine (though there is still a limit to what standard hardware can
> do, just keeping tunnels open and routing some light traffic shouldn't
> be a problem; sustaining gigabit speeds over all those tunnels isn't
> going to happen without specialized stuff, though.)

Here, we are handling 100 active tunnels without any problem. We have
500+ tunnels in isakmpd.conf (peers of tunnels are laptops, they are
not necessary online). All this was running on a 1 GBps link (not
saturated) on a Celeron 2.4 Ghz. We have upgraded to a 2 GHz Opteron
to lower the load.
--
BOFH excuse #397:
T-1's congested due to porn traffic to the news server.