Answers to your Questions

Do you have numbers for VPN scalability expectations?

VPN scalability is of particular interest to service providers, since VPN service revenue is directly related to the number of VPN customer sites a device can support. Examples of VPN services are RFC 2547 bis BGP/MPLS VPNs and L2TP VPNs. For BGP/MPLS VPNs, a provider edge (PE) router must maintain a separate VPN routing and forwarding table (VRF) for each customer. PE devices are expected to support thousands of VRF tables. With L2TP VPNs, where L2TP tunnels represent different VPN customers (or, more likely, different geographically dispursed clients for the same customer), and each L2TP tunnel can carry thousands of PPP sessions, tunnel scalability expectations currently range from a few thousand to 10,000 per port.

VPN tunnel 'setup rate' is another important factor. If a thousand people are on a link that goes down, reconnecting them quickly is of vital importance. Service providers would like to see setup rates of 50 to 400 authenticated sessions/tunnels per second. VPN frequency of change rate (additions and removals of sites per unit of time) is also key. For example, the Internet draft, "Service requirements for Layer 3 Provider Provisioned Virtual Private Networks" (draft-ietf-ppvpn-requirements-04.txt), estimates that as many as 1,000,000 VPN changes per year will occur across all service providers by 2005. The same draft predicts that service providers will need to support approximately 10,000 VPNs by 2005, with the number of interconnected sites per VPN ranging from just a few to 50,000, depending on the customer organization.