
Re: How many SPD records?



At 5:21 PM +0430 9/20/01, mahdavi wrote:
>Hi Derek.
>I did not ask about the theoretical maximum.
>I just said "Typically how many SPD records are required?".
>
>In another sentence I said "I want to have an estimation of the maximum SPD
>records that an administrator may define".
>
>It is funny to think an administrator may define 2^32 firewall rules; and I
>know that.
>
>I mean regularly (on average, typically, ...) how many SPD records may
>an administrator define.
>
>Best regards
>mahdavi.
>

There is no simple answer to the question you asked. The number of
SPD entries is a function of the local access control policy and the
breadth of connectivity. A company using IPsec for an intranet VPN
might have very different SPD sizes from a company using IPsec to
support lots of dialup road warriors or telecommuters. In many
instances your question is very analogous to asking what is the
typical number of filter rules in a firewall. I think you will find
significant variation in the answer to that question as well.

Steve

