IPsec, IKE, and Key Management Scaling?

How well do IPsec and the related key management technology scale
into the mass market? At Telcordia we're trying to gather some
technical data in that area, and would be delighted to hear from/share
with anyone who has experience-based measurements and implementation
projections along the following lines:

What is the memory footprint for each 10,000 simultaneous sessions in a
server running IPsec to protect VoIP services? Assume some sort of X.509v3
certificates are used throughout.

If those N*10,000 sessions are lost and simultaneously recovered,
say in a regional power outage and restoration, what is the elapsed
time (or number of server CPU cycles) taken after power restoration
and until full N*10,000 session restoration has been achieved?
Assume that the centralized server stays up, but the distributed
endpoints all need restarting and all ask for session
re-initialization simultaneously. A big voice end office can
handle about 50,000 telephone lines, so N=5 would be a wonderful
datapoint for comparison.

How much of the memory and CPU burden above is due to IPsec proper,
and how much to the key management and policy management processing
on the centralized server? Are there obvious optimizations that
are available to the industry but not quite yet incorporated into
current IPsec products and stacks?

Some VPN and encrypted networking systems suffer a form of
deadly-embrace in wide area recovery - protection timers time out
while awaiting successful recovery of the protected sessions,
maintenance code then interprets this as a localized failure, and
the session creation is abandoned and the whole process is
endlessly restarted. Are there potential problems like this with
large scale IPsec systems, or more likely with the applications
code expecting to run with IPsec systems? How should
deadlock/livelock protection timeouts be set as a function of IPsec
deployment scale and options?

What data exist on life-cycle labor costs for IPsec and key
management infrastructure? As a rule of thumb, how many full time
equivalent staff are needed to administer key management (including
CRL processing) and policy/configuration management per 10,000
secured hosts? At the client side, how much capital and
minutes-per-year of user time is required to prevent the
client-side private key from being used inappropriately, say by
anyone/anything other than the intended secured user?

Any discussion of these points is welcome, public or private. Please
note that none of the material above really depends on the actual
encryption/authentication performance - it is all based on the
processing needed to create and maintain session state. If someone
has a reply of the kind "It depends on what you assume as ...", please
make your own assumption based on best commercial practice and feel
free to reply to the modified question. If I've missed some seminal
analysis in the literature that covers this material already, my
apologies to all. A lot of discussion seems to assume particular
answers to the questions above, but I've never seen an authoritative
reference.

I'll be delighted to summarize all responses and make them available
on request.

Gary A. Hayward
Telcordia Technologies