Re: Options to consider [Re: tunneling [Was: Agenda for Vienna]]



On Wed, 2003-05-21 at 16:14, Brian E Carpenter wrote:
> But if every NAROS message needs to be digitally signed to
> prevent spoofing, that might change.

The study measures the number of NAROS requests sent by clients to the
NAROS server. With the site considered, the peak was about 300 messages
per minute, but usually 100 requests per minute during business
hours. It should be noted that the study was done on a site without a
firewall and where we receive lots of port scans that significantly
contribute to the load of the NAROS server. Of course, the CPU load
would be higher if the requests sent by the client or the responses sent
by the server need to be authenticated.

However, there are several features of NAROS that may improve the
scalability of the solution. First, the NAROS server is only used by the
clients inside the site. This means that if the site has a firewall
(this was not the case in our study), the firewall could easily block
all packets sent towards the NAROS server. 
Second, the NAROS server does not maintain any state about the clients
and it is based on UDP. This means that several hosts could act as a
NAROS server by listening to an anycast address. This could easily
decrease the per-server load.

Best regards,


Olivier Bonaventure