Testing the NetVanta 4305's IPSec wares

In addition to its routing duties, the Adtran NetVanta 4305 also can function as an IPSec VPN gateway when equipped with an optional enhanced feature pack. This configuration is useful when connecting branch offices using IPSec tunnels or giving remote users secure access to enterprise networks. (Adtran sells an IPSec client software client for the latter purpose.)

We measured the scalability of the NetVanta 4305 router by attempting to establish 1,000 IPSec tunnels, its maximum rated capacity, and trying to send data through all tunnels using Spirent's TeraVPN application.

The NetVanta 4305 brought up 996 of the 1,000 tunnels we attempted to set up. The remaining four tunnels never were established because of timeouts.

While no tunnel failure is desirable, network managers might be willing to live with the relatively low failure rate, especially because VPN gateways devices seldom operate at 100% of capacity.

It is also worth noting that we used the most stressful combination of authentication and encryption algorithms in our tests - secure hashing algorithm 1 (SHA-1) for message authentication and 256-bit Advanced Encryption Standard (AES-256) for encryption. It is possible the NetVanta 4305 would have set up the maximum 1,000 tunnels with a less stressful authentication or encryption methods, but we did not verify this.

Back to test: "Adtran serves up newest low-cost router"

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2004 IDG Communications, Inc.