It’s a common misconception that you can only accept 64,000 connections per IP address and the only way around it is to add more IPs. This is absolutely false. The misconception begins with the premise that there are only so many ephemeral ports per IP. The truth is that the limit is based on the IP pair, or said another way, the client and server IPs together. A single client IP can connect to a server IP 64,000 times and so can another client IP.
From Linux Kernel Tuning for C500k.
For data payloads in excess of the common TCP payload maximum segment size (the MSS) of 1460 Bytes, the IPSec bandwidth overhead using AES is approximately 9.32%. This equates to an ‘efficiency’ of 91.48% (1460/1596) – in other words, that’s how much bandwidth is left for actual data if you’re putting as much data in each packet as possible. Note however that as this packet size is larger than the typical IP (and Ethernet) MTU, it’s very unlikely that you’ll achieve this level of efficiency. As noted in the comments, the ideal MSS appears to be 1328 when using ESP.
Keep in mind that for very small data payloads (common with applications such as Telnet, TN3270 mainframe emulation and SSH) the IPSec bandwidth overhead can be as high as 12,300%.
If you add TCP/IP and Ethernet (and VLAN tagging) into the mix (see the calculations from Wikipedia here) then the throughput of a 100Mb link is 100 x 0.9264 (IPSec+AES efficiency) x 0.9733 (TCP/IP efficiency) x 0.9728 (Ethernet (with tagging) efficiency), which equals 87.71Mbps, a combined efficiency of 87.71%, assuming ideal conditions.
Link: IPSec Bandwidth Overhead Using AES
Design and Implementation of OpenOSPFD by Claudio Jeker
Routing with OpenBSD using OpenOSPFD and OpenBGPD by Claudio Jeker (2006)
Presentation: 21C3 — OpenBGPD and OpenOSPFD by Henning Brauer
A Secure BGP Implementation by Henning Brauer
Implementing BGP in OpenBSD by Henning Brauer
Official homepage of OpenBGPD
Books
OpenOSPFD by Lambert M. Surhone, Mariam T. Tennoe, Susan F. Henssonow (Betascript Publishing)
Network Administration with FreeBSD 7 by Babak Farrokhi