Absolutely agree with Bruce. For your particular setup, it would be best to use two pseudowires (A-B and B-C) and run your own routing protocol over them. This would (worst case, try to avoid) also allow you to transport non-IP LAN data between sites (I don't know what DS8100 can do). However, keep in mind that VPWS or VPLS are not 100% reliable (you might experience packet drops, jitter or congestion), so check what's acceptable with your SAN vendor.
As for security: don't rely on the "MPLS/VPN is secure" pamphlets published by vendors and "independent" labs. MPLS VPN is undoubtedly infinitely better than public Internet, but if you need true security, use IPSEC. More details here:

http://blog.ioshints.info/2009/04/true-or-false-mpls-vpns-offer.html

Hope this helps
Ivan

http://www.ioshints.info/about
http://blog.ioshints.info/

> -----Original Message-----
> From: Bruce Pinsky [mailto:b...@whack.org]
> Sent: Friday, May 29, 2009 6:27 PM
> To: madunix
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] MPLS
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> madunix wrote:
> > I have 3x sites with DS8100 SAN Storage at each side, I will be
> > replicating data from one side to another (A - B, synchronous,
> > distance 100Km) and (B-C, asynchronous, 300Km). Am thinking to use
> > MPLS based on IP-VPN since it's secure and not visible to other
> > customers or internet.
> > Out of your experience ...what do you think about ?
> >
>
> Well, it's not "secure", it's simply routing isolated. If
> you want security, as in encryption, you will need to do that
> on your own.
>
> If you need low convergence times, MPLS/VPN is probably not
> your best choice. I don't know of many (if any) providers
> who will guarantee the convergence times through their
> network. You should expect convergence times in the 10's of
> seconds or more for certain types of failures.
>
> You may want to consider getting an L2VPN solution such as
> VPWS or VPLS and running your own routing protocol and
> failure detection methods.
>
> - --
> =========
> bep
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkogDOQACgkQE1XcgMgrtyZGgQCfWiGT5lRQBBLSfgG20sBbXsHr
> 0mIAoNr/tvJ7D+aP19LhTzlz2e6aJjXP
> =Cr6s
> -----END PGP SIGNATURE-----
>

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/