Dear Charles:
Thank you *very* much for the offer. Right now they are in the process of
getting the T-1 line provisioned (still 30+ days away, courtesy of Verizon);
and as they get closer to deciding on whether they want a VPN channel between
their offices I'll shepherd them towards this.
[By the way, you're probably wondering why they would need a dual CPU
encryption appliance: The firm is a service bureau, scanning in over 100,000
documents per day - About 5 gigabytes per day. Then, they send the image files
to Manila, where a crew of 200 operators key in and verify the data (sort of a
"manual OCR"), then FTP the text back to NJ where it's put on disk or tape for
the customer. Right now, they're sending a DVD every day via DHL to Manila
with the scans: It's actually slightly cheaper than a T-1; but they lose a
day. Basically, with T-1 lines on both ends (they are 4 miles from the
Pennsauken peering point) the 1.544 megabit line will be fully loaded for 11
hours just transmitting the data. Where the encryption (VPN circuit) comes in
is that some of the customers are financial institutions, and it's a selling
point in the highly competitive business.]
Again, thank you *very* much for pointing me in the right direction!
Dan Schwartz
PS: I'm subscribed in individual message mode, so I don't need CC's
>-----Original Message-----
>From: Charles Steinkuehler
>Subject: Re: [Leaf-user] Starting from scratch to build a high capacity
>VPN tunnel appliance, part 2
>
>
>> Well, it looks like at least part of the capacity answer was in the Linux
>> FreeS/WAN Compatibility Guide, right above the crypto hardware section at:
>>
>> <http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/compat.html#multiprocessor>,
>> namely the dual processor option. I've long used dual CPU machines
>> with NT4 & NT5, all the way back to dual PPro machines.
>>
>> On the other hand, the article cited above glosses over a problem with
>> multiple CPU's: The linux 2.2x kernel does *not* have a multithreaded IP
>> stack. If you remember about 2½ years ago, NetCraft had a "shootout" between
>> NT4/IIS and linux 2.2x/apache, on quad Xeon Dell's... And IIS blew apache out
>> of the water as the load increased. As it turns out after long analysis, the
>> bottleneck was the IP stack only using one CPU; and the problem wasn't
>> fixed until the v2.4 kernel was released.
>>
>> As I look at the FreeS/WAN documentation with an eye towards a dual CPU
>> mobo, I notice that it still uses the 2.2x kernel, which means I lose the
>> symmetric multiprocessing capacity, and end up somewhere between NetWare 4
>> and MacOS 9 running on dual CPU boxes.
>>
>> Are there any FreeS/WAN implementations using the v2.4x kernel?
>
>Not in the LEAF purview, but if you're willing to do a bit of work (see
>Jacque Nilo's posts about using an unpatched 2.4 kernel) or forgo
>automatically backing up root, I'll build you a 2.4 kernel with the IPSec
>patches applied...maybe even an experimental CD-Rom image.
>
>Charles Steinkuehler
>http://lrp.steinkuehler.net
>http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)