| To: | Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: PPP-over-L2TP kernel support, new patch for review |
| From: | Benjamin LaHaise <bcrl@xxxxxxxxx> |
| Date: | Tue, 21 Sep 2004 21:14:21 -0400 |
| Cc: | jchapman@xxxxxxxxxxx, davem@xxxxxxxxxxxxx, netdev@xxxxxxxxxxx, kleptog@xxxxxxxxx, mostrows@xxxxxxxxxxxxxxxxx |
| In-reply-to: | <E1C9tj0-0003KE-00@gondolin.me.apana.org.au> |
| References: | <20040921210427.GB19575@kvack.org> <E1C9tj0-0003KE-00@gondolin.me.apana.org.au> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.4.1i |

On Wed, Sep 22, 2004 at 09:07:06AM +1000, Herbert Xu wrote:
> Benjamin LaHaise <bcrl@xxxxxxxxx> wrote:
> >
> >> - Unlikely to integrate with the new native IPSEC stuff.
> >
> > L2TP over IPSEC? Are you insane? You'd not be able to terminate more than
> > a couple of dozen connections over it. =-)
>
> Why not? L2TP over IPsec is the only reason I'm looking at L2TP at all.

CPU load. The main reason I was forced to revisit L2TP (imo, it's a
horrible protocol that suffers from too many bad decisions) was in its
role for terminating DSL. In this case one expects to be able to have
tens of thousands of connections terminated by a single box, which
means pushing hundreds of megabits of traffic. The overhead of crypto
operations in such a scenario makes it a far too costly choice.

-ben