Hardware Requirements for Gb/s VPN AES-256-CBC
-
…a vpn router that can handle this {1 Gb/s line} without causing latency...
A vpn also means encryption. The more the better.
How is that supposed to be done without introducing latency? Number crunching in zero time has yet to be invented.… future proof ... able to handle 10 gb/s to 4 gb/s ... while keeping costing down
You forgot "low power", didn't you?
Sure this can be done with specialized hardware. Not with i386/x64 hardware and software available in 2016.
We max out at 4Gb/s IIRC. jwt had a lengthy post about that you may want to search this forum for. -
I didn't see this post you speak of. Also, I thought it would be obvious I was asking what hardware is needed so that the vpn router does not become a bottleneck.
-
Would this be a cheap way to make a router capable of doing this?
Using http://www.ibuypower.com/Store/Intel-X99-Core-i7-Configurator at either 6x i7 6800k 3.4 GHz or 6x i7 6850k 3.6 GHz
-
Case :: Chimera 5 - Snow Edition
LED Fan Lighting
Case Lighting
Processor Cooling :: Asetek 510LC Liquid CPU Cooling System [SOCKET-2011]
Video Card :: NVIDIA GeForce GTX 1060 - 6GB (VR-Ready)
M.2/PCI-E SSD Card :: None
Primary Hard Drive :: 1 TB HARD DRIVE – 32MB Cache, 7200RPM, 6.0Gb/s - Single Drive
Optical Drive :: 24x Dual Layer DVD±R/±RW + CD-R/RW Drive - Black -- Free Upgrade to 14X LG Blu-ray Re-writerNetwork Card :: Onboard LAN Network (Gb or 10/100)
Subtotal :1399
You wanna impress someone or need a capable unit?
If you really want to burn money: https://store.pfsense.org/XG-1541-1U-pfSense-Security-Gateway-Appliance-P88.aspx
Otherwise: https://store.pfsense.org/SG-8860-1U/ or even https://store.pfsense.org/SG-4860/Edit: They can even paint it nicely if that's what you want: https://pbs.twimg.com/media/Csg0Dc5VUAAX7mh.jpg
Forget about 4Gb/s or even 10Gb/s routing in 2016. Buy such a system when/if you need it. Future-proofing won't work while hardware performance is still bound to Moore's law.
-
I didn't see this post you speak of.
https://forum.pfsense.org/index.php?topic=113862.msg634832#msg634832
Also, I thought it would be obvious I was asking what hardware is needed so that the vpn router does not become a bottleneck.
Obviously your expectations are a bit over the top, don't you think?
VPN without latency is impossible
Shopping for future 10Gb/s routing doesn't make sense when you have a 1Gb/s line currently.
Ever thought about power consumption?
… -
Case :: Chimera 5 - Snow Edition
LED Fan Lighting
Case Lighting
Processor Cooling :: Asetek 510LC Liquid CPU Cooling System [SOCKET-2011]
Video Card :: NVIDIA GeForce GTX 1060 - 6GB (VR-Ready)
M.2/PCI-E SSD Card :: None
Primary Hard Drive :: 1 TB HARD DRIVE – 32MB Cache, 7200RPM, 6.0Gb/s - Single Drive
Optical Drive :: 24x Dual Layer DVD±R/±RW + CD-R/RW Drive - Black -- Free Upgrade to 14X LG Blu-ray Re-writerNetwork Card :: Onboard LAN Network (Gb or 10/100)
Subtotal :1399
You wanna impress someone or need a capable unit?
If you really want to burn money: https://store.pfsense.org/XG-1541-1U-pfSense-Security-Gateway-Appliance-P88.aspx
Otherwise: https://store.pfsense.org/SG-8860-1U/ or even https://store.pfsense.org/SG-4860/Edit: They can even paint it nicely if that's what you want: https://pbs.twimg.com/media/Csg0Dc5VUAAX7mh.jpg
Forget about 4Gb/s or even 10Gb/s routing in 2016. Buy such a system when/if you need it. Future-proofing won't work while hardware performance is still bound to Moore's law.
Wouldn't a continuous load of 1 GB/s AES-256-CBC up and down ( so 2 GB/s ) be to much for a 4 core 2.4 GHz router? Isn't a single VPN down stream done in only 1 CPU so you can't have the other CPU help with the computation power? Wouldn't the round trip encryption be done in 2 of the CPUs while the other 2 don't get used much? I ask because i see people saying they achieved 100 Mb/s (not sure if round trip or one way) with duel core 1.86 GHz routers.
I'm trying to be sure that this will work.
-
I don't seem to remember correctly that you first mentioned internet for a dorm with a few guys, a hobbyist project.
Do you really need to push encrypted 1Gb/s up and down simultaneously?
-
I don't seem to remember correctly that you first mentioned internet for a dorm with a few guys, a hobbyist project.
Do you really need to push encrypted 1Gb/s up and down simultaneously?
Yes, I have to push both simultaneously.
-
Go with the XG-1541 Appliance then.
-
Go with the XG-1541 Appliance then.
OpenVPN can not spread its load over multiple cores. A 2 GHz core has no chance of pushing that kind of data.
-
Yes, I have to push both simultaneously.
You will be also able to place VPN Servers inside of the DMZ. We use CentOS and SoftEtherVPN (Server)
for that together with different cards that are supported well under Linux.- CentOS
- SoftEtherVPN
OpenVPN VPN Server: - Comtech AHA363PCIe (only for OpenVPN)
IPSec VPN Server: - Comtech AHA604 (only for IPSec VPN)
-
@BlueKobold:
Yes, I have to push both simultaneously.
You will be also able to place VPN Servers inside of the DMZ. We use CentOS and SoftEtherVPN (Server)
for that together with different cards that are supported well under Linux.- CentOS
- SoftEtherVPN
OpenVPN VPN Server: - Comtech AHA363PCIe (only for OpenVPN)
IPSec VPN Server: - Comtech AHA604 (only for IPSec VPN)
What are you trying to say?
-
What are you trying to say?
That we are running Intel Xeon VPN Servers together with plug in cards to realize a set up such
you want it and I mean not only on one side! This GB VPN (symetric) stuff is nothing to deal with
cheap and fancy devices or tiny hardware what home users and/or hobbyists are using! That is
what I want to say with that above! It is something around ~900 € for each server and each side
what we was deploying and we get no something around of ~840 MBit/s - 920 MBit/s, plus on top
counting the TCP/IP overhead and this might be for 24/7 in a commercial network.
