GETVPN Key Server Sizing Guidelines.

Ahmed Raafat · ‎12-21-2015

Hi,

Can anyone tell me how can I size a router to perform as GETVPN key server? and I need to know what's the equivalent 4K router to 2951 if i'm planning to use it as key server.

Thanks.

keglass · ‎01-05-2016

Ahmed,

I recommend you also post this question to the Cisco Support Community in the VPN space (VPN | Cisco Support Community). You may also find the information you requested there.

I hope this helps - thank you for participating in the community.

Kelli Glass

Moderator for Cisco Customer Communities

jonathan.cuthbert · ‎05-13-2017

I've always been a bigger fan of DMVPN or FlexVPN, and have not worked much with GET VPN. That being said, there are many design documents out there. Here is one.

Here is the excerpt:

KS selection depends largely on the required network scalability (the number of GMs supported in a group). The limiting factors in KS scalability are the registration rate (how quickly GMs can register with a KS) and the ability of the KS to handle rekeys to maintain GM synchronization.

By far, the registration rate is the single most important factor in the KS selection process. The goal of KS server selection for a specific network is to keep registration time low so that, in case of KS rekey failure, GMs can reregister within a reasonable time and continue to forward data without disruption.

We don't have enough information. Are you using PKI or PSK? How many "tunnels" do you need to support?