Re: Gig Throughput on IPSEC
* Truman Boyes (tru...@suspicious.org) wrote: > > an SRX 3400/3600 you can scale up the performance of IPSEC VPN > throughput with additional SPCs. You should be able to scale to over > 6Gbps of IPSEC with enough SPCs. > > Truman Yes, the SRX line of products is the most future-proof way to go. I had a meeting with Juniper technical sales a short while ago and they also stated that "performace figures of the SRX is more in line what you get in real deployments" (compared to the ISG and NS marketing material which have IPsec throughput figures which you probably not will see in the field, same as most vendors). In the ISG and NS series you also need to be aware on capacity limitations in the cards and the backplane. ...and as no one else has commented on L2 security devices I assume that there is not many products for this (IEEE 802.1AE MAC Security). But on the other hand I suppose that there is mostly L3 people on this list and that the Metro Ethernet folks hangs elsewhere.. (I would go for IPsec.) Cheers, /Joakim
Re: Gig Throughput on IPSEC
On 12/11/2009, at 5:45 AM, Brad Fleming wrote: On Nov 11, 2009, at 3:25 AM, a...@baklawasecrets.com wrote: Hi, I have a requirement to encrypt data using IPSEC over a p-t-p gig fibre link. In the past I've normally used Juniper to terminate VPNs, as I have found them excellent devices and the route based VPN functionality very useful. However looking at their range, only the ISG will do a gig of IPSEC. I'm leaning towards keeping my exising Juniper SSG550's for firewall/routing capability at each site. Then having a separate encryption devices to handle the site-to-site vpn requiring the gig throughput. Does anyone have any suggestions on devices to use? Adel Not knowing all your other needs, I won't swear to it... but would the Juniper SRX650 work for your situation? It can pass 1.5Gbps of encrypted traffic according to their datasheet. I've never actually tried to move that much data through the box so I can't testify to it. Also, the Juniper SRX3400 is advertised as handling 6Gbps of encrypted traffic. Of course, these are JunosES devices as opposed to ScreenOS, but the transition isn't as painful as you might expect. We actually use the J-series devices with JunosES as site routers/firewalls with a great deal of success. The usual caveats apply: packet size, packets per second, etc; but with an SRX 3400/3600 you can scale up the performance of IPSEC VPN throughput with additional SPCs. You should be able to scale to over 6Gbps of IPSEC with enough SPCs. Truman
Re: What DNS Is Not
On 11/11/09 12:48 PM, Florian Weimer wrote: Since people need to *explicitly* choose using the OpenDNS servers, I can hardly see how anybody's wishes are foisted on these people. If you don't like the answers you get from this (free) service, you can of course choose to use a different service - for instance your ISP's name servers. What if your ISP's name servers are those from OpenDNS? We don't sell service to ISPs. That's a deliberate decision. But you already knew that. -David
Re: Resilience - How many BGP providers
It is wise to stack the deck in your favor, but you'll never really know how much real redundancy you've purchased: http://www.atis.org/ndai/ATIS_NDAI_Final_Report_2006.pdf David On Wed, Nov 11, 2009 at 3:41 PM, wrote: > I suppose I could take the whole resilience thing further and further and > further. One of the replies used a phrase which I thing captured the problem > quite nicely: "diminishing returns". > Basically I could spend lots and lots of money to try and eliminate all > single points of failure. Clearly I don't have the money to do this and what > I'm really trying to establish is at what > point do the returns start to diminish with regards to obtaining multiple > transit providers. The answer appears to be "it depends". So if getting a > third BGP peering with divergent paths, > separate last mile, separate facility and separate router will increase costs > by 5x but only increase resilience by 0.001% is it really worth it? I'm > trying to quantify the resilience of my > Internet connectivity and quantify the effects of adding more providers. Now > to run through my case: > > - I have one facility to locate BGP routers at. Thats not changing for the > moment. > - I can afford two BGP routers. > - The facility I'm located at tell me they have divergent fibre paths and > multiple entries into the facility. (Still need to verify this by getting > them to walk the routes with me) > - I am going to take transit from two upstreams. > - I could ask the question as to whether I can peer with separate routers on > each of the upstreams. i.e. to protect against router failures on their side. > - I will make sure that neither upstream peers with the other directly. (Does > this give me some AS path redundancy?) > > So from the above: > > - I have no resilience with regards to datacentre location. i.e. if a plane > fell out of the sky etc., I'm done. > - I can afford some BGP router resilience on my side. So I should be able to > continue working if a router failure which only affects one of my routers > occurs. > - I have some resilience in terms of actual fibre paths to the facilites > where I will be picking up the BGP feeds from. (to be verified) > - I have some "AS resilience" if this is the right term. So if the AS of one > of my upstreams drops off the face of the Internet, I can still get to the > Internet through the AS of my other > provider > - Peering with separate routers may give me some resilience for router > failure on the side of my upstreams? (not totally sure on this) > > In this situation, if I add another peering with another upstream, am I > really getting much return in terms of resilience? Or should I spend this > money examining the many other SPOFs in > my architecture? I'm perfectly sure there is absolutely no point me peering > with 6 providers, but maybe some gains in peering with 3? I'm trying to > figure out at what point is adding > another peering in my case a waste of money. > > I haven't gone into switch and power redundancy, because I "think" I > understand it. I wanted to concentrate on the multiple upstreams question. > Heads starting to whirl right about now. > > Adel > > > On Wed 5:27 PM , "Dylan Ebner" dylan.eb...@crlmed.com sent: >> >> You question has many caveats. Just having two providers does not >> necessarily get you more resiliency. If you have two providers and they are >> terminating on the same router, then you still have a SPOF problem. You >> also need to look at pysical paths as well. If you have two (or three) >> providers and they are using a common carrier, then you have a problem as >> well. For example, GLBX has a small prescence in the Minneapolis metro. If >> I were to use them as a provider, they would use Qwest as a last mile. If >> my other provider is Qwest (which it is), I may not have path >> divergence.Facilities are important too. We have three upstreams; Qwest, MCI >> and ATT. >> The facility only has two entrances, so that means two of these are in the >> same conduit. IF you only have one entrance, all you connections are going >> to run through that conduit, and that makes you susceptable to a rouge >> backhoe. >> You are on the right track to question your resilancy. Some upstreams can >> offer good resilancy with multiple feeds. Others cannot. I would start with >> your provider and see what you are getting. Maybe you already have path >> divergence, sperate last miles, and multiple paths in the isp core. If you >> go with multiple providers, you want to make sure you don't risk losing >> something you already have. >> >> >> >> -Original Message- >> From: a...@baklawasecrets.com [adel@ >> baklawasecrets.com] Sent: Wednesday, November 11, 2009 11:14 AM >> To: na...@nanog.o >> rgSubject: Resilience - How many BGP providers >> >> >> >> Hi, >> >> After recent discussions on the list, I've been thinking about the >> affectsof multiple BGP feeds to the overall resilienc
RE: Resilience - How many BGP providers
I suppose I could take the whole resilience thing further and further and further. One of the replies used a phrase which I thing captured the problem quite nicely: "diminishing returns". Basically I could spend lots and lots of money to try and eliminate all single points of failure. Clearly I don't have the money to do this and what I'm really trying to establish is at what point do the returns start to diminish with regards to obtaining multiple transit providers. The answer appears to be "it depends". So if getting a third BGP peering with divergent paths, separate last mile, separate facility and separate router will increase costs by 5x but only increase resilience by 0.001% is it really worth it? I'm trying to quantify the resilience of my Internet connectivity and quantify the effects of adding more providers. Now to run through my case: - I have one facility to locate BGP routers at. Thats not changing for the moment. - I can afford two BGP routers. - The facility I'm located at tell me they have divergent fibre paths and multiple entries into the facility. (Still need to verify this by getting them to walk the routes with me) - I am going to take transit from two upstreams. - I could ask the question as to whether I can peer with separate routers on each of the upstreams. i.e. to protect against router failures on their side. - I will make sure that neither upstream peers with the other directly. (Does this give me some AS path redundancy?) So from the above: - I have no resilience with regards to datacentre location. i.e. if a plane fell out of the sky etc., I'm done. - I can afford some BGP router resilience on my side. So I should be able to continue working if a router failure which only affects one of my routers occurs. - I have some resilience in terms of actual fibre paths to the facilites where I will be picking up the BGP feeds from. (to be verified) - I have some "AS resilience" if this is the right term. So if the AS of one of my upstreams drops off the face of the Internet, I can still get to the Internet through the AS of my other provider - Peering with separate routers may give me some resilience for router failure on the side of my upstreams? (not totally sure on this) In this situation, if I add another peering with another upstream, am I really getting much return in terms of resilience? Or should I spend this money examining the many other SPOFs in my architecture? I'm perfectly sure there is absolutely no point me peering with 6 providers, but maybe some gains in peering with 3? I'm trying to figure out at what point is adding another peering in my case a waste of money. I haven't gone into switch and power redundancy, because I "think" I understand it. I wanted to concentrate on the multiple upstreams question. Heads starting to whirl right about now. Adel On Wed 5:27 PM , "Dylan Ebner" dylan.eb...@crlmed.com sent: > > You question has many caveats. Just having two providers does not > necessarily get you more resiliency. If you have two providers and they are > terminating on the same router, then you still have a SPOF problem. You > also need to look at pysical paths as well. If you have two (or three) > providers and they are using a common carrier, then you have a problem as > well. For example, GLBX has a small prescence in the Minneapolis metro. If > I were to use them as a provider, they would use Qwest as a last mile. If > my other provider is Qwest (which it is), I may not have path > divergence.Facilities are important too. We have three upstreams; Qwest, MCI > and ATT. > The facility only has two entrances, so that means two of these are in the > same conduit. IF you only have one entrance, all you connections are going > to run through that conduit, and that makes you susceptable to a rouge > backhoe. > You are on the right track to question your resilancy. Some upstreams can > offer good resilancy with multiple feeds. Others cannot. I would start with > your provider and see what you are getting. Maybe you already have path > divergence, sperate last miles, and multiple paths in the isp core. If you > go with multiple providers, you want to make sure you don't risk losing > something you already have. > > > > -Original Message- > From: a...@baklawasecrets.com [adel@ > baklawasecrets.com] Sent: Wednesday, November 11, 2009 11:14 AM > To: na...@nanog.o > rgSubject: Resilience - How many BGP providers > > > > Hi, > > After recent discussions on the list, I've been thinking about the > affectsof multiple BGP feeds to the overall resilience of Internet > connectivityfor my organisation. So originally when I looked at the design > proposals, there was a provision in there for four connections with the > same Internet provider. Thinking about it and with the valuable input > ofmembers on this list, it was obvious that multiple connections from the > same provider defeated the aim of provid
[NANOG-announce] NANOG 48 Call for Presentations now available
Folks, The NANOG 48 Call for Presentations is now available at http://www.nanog.org/meetings/nanog48/index.php. Please take a look at the important dates, and submit your proposals at http://pc.nanog.org. Look forward to seeing you all in Austin. Thanks, Dave (for the NANOG PC) signature.asc Description: Digital signature ___ NANOG-announce mailing list nanog-annou...@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-announce
Re: What DNS Is Not
On Wed, 11 Nov 2009 21:48:39 +0100, Florian Weimer said: > > Since people need to *explicitly* choose using the OpenDNS servers, I > > can hardly see how anybody's wishes are foisted on these people. > > > > If you don't like the answers you get from this (free) service, you > > can of course choose to use a different service - for instance your > > ISP's name servers. > > What if your ISP's name servers are those from OpenDNS? # vi /etc/resolv.conf pgpLQFSgnnHga.pgp Description: PGP signature
Re: What DNS Is Not
> > Since people need to *explicitly* choose using the OpenDNS servers, I > > can hardly see how anybody's wishes are foisted on these people. > > > > If you don't like the answers you get from this (free) service, you > > can of course choose to use a different service - for instance your > > ISP's name servers. > > What if your ISP's name servers are those from OpenDNS? Then I guess you need to vote with your wallet and find a different ISP. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: What DNS Is Not
On Nov 11, 2009, at 3:48 PM, Florian Weimer wrote: >> Since people need to *explicitly* choose using the OpenDNS servers, I >> can hardly see how anybody's wishes are foisted on these people. >> >> If you don't like the answers you get from this (free) service, you >> can of course choose to use a different service - for instance your >> ISP's name servers. > > What if your ISP's name servers are those from OpenDNS? 1) You can personally opt-out of OpenDNS' NXDOMAIN stuff & such. 2) I don't really see how that makes a difference. The point is, OpenDNS is not forcing anyone. Your ISP has a policy you don't like, use a different ISP. If there is no other ISP, well, I don't know what to tell you? Start one? Move? End of day, it is an OPT-IN service. If you happen to "opt-in" by buying service from your ISP, that does not change the basic premise. -- TTFN, patrick
RE: What DNS Is Not
Run your own nameservers or get a different ISP that doesn't force you to be filtered :-) -Original Message- From: Florian Weimer [mailto:f...@deneb.enyo.de] Sent: Wednesday, November 11, 2009 12:49 PM To: sth...@nethelp.no Cc: nanog@nanog.org Subject: Re: What DNS Is Not > Since people need to *explicitly* choose using the OpenDNS servers, I > can hardly see how anybody's wishes are foisted on these people. > > If you don't like the answers you get from this (free) service, you > can of course choose to use a different service - for instance your > ISP's name servers. What if your ISP's name servers are those from OpenDNS? http://slash128.com
Re: What DNS Is Not
> Since people need to *explicitly* choose using the OpenDNS servers, I > can hardly see how anybody's wishes are foisted on these people. > > If you don't like the answers you get from this (free) service, you > can of course choose to use a different service - for instance your > ISP's name servers. What if your ISP's name servers are those from OpenDNS?
Performance to and from Japan (who to connect to?)
Greetings, Im sure someone here is GREAT with connecting to Japan so I ask the following: We have a POP in 600 West 7th street, Los Angeles. What provider can I cross-connect to there to get better performance to Japan? Are there Japanese providers on net in that building? Anyone want to peer with me there that can give me better routing to Japan? Thank you very much Nanog. NJ Critical Data Network http://www.critical.net
Re: Gig Throughput on IPSEC - alternatively Layer2 encryption devices
Hi, Thanks for the pointers to the Juniper devices. I think I'm really thinking about layer2 encryption, rather than do the encryption using IPSEC. I feel that as its a p-t-p fibre link, this makes most sense in terms of throughput and least impact on the network. Operating at layer3 the IPSEC solution introduces more complexity than I would like across this link. As I understand it, with layer2 encryption devices VLANs between the sites, would "just work". I'm interested to hear of peoples experiences with layer 2 encryption devices out there, as I don't have that much experience with them. I think my subject line mentioning IPSEC is a bit confusing as I'm really after information on Layer2 encryption hardware. Adel On Wed 6:45 PM , Brad Fleming bdflem...@kanren.net sent: > > On Nov 11, 2009, at 3:25 AM, adel@ > baklawasecrets.com wrote: > > > > > > Hi, > > > > I have a requirement to encrypt data using IPSEC > over a p-t-p gig > fibre > > link. In the past I've normally used Juniper to > terminate VPNs, as I> have found them excellent devices and the route > based VPN > functionality > > very useful. However looking at their range, > only the ISG will do a > gig > > of IPSEC. I'm leaning towards keeping my > exising Juniper SSG550's for> firewall/routing capability at each site. Then > having a separate> encryption devices to handle the site-to-site > vpn requiring the gig> throughput. Does anyone have any suggestions on > devices to use?> > > > > > > Adel > > > > > > Not knowing all your other needs, I won't swear to it... but would the > Juniper SRX650 work for your situation? It can pass 1.5Gbps of > encrypted traffic according to their datasheet. I've never actually > tried to move that much data through the box so I can't testify to it. > > Also, the Juniper SRX3400 is advertised as handling 6Gbps of encrypted > traffic. > > Of course, these are JunosES devices as opposed to ScreenOS, but the > transition isn't as painful as you might expect. We actually use the J- > series devices with JunosES as site routers/firewalls with a great > deal of success. > > >
Re: Resilience - How many BGP providers
The thing to remember about redundancy is that it's a statistical game rather than a magic formula. You can be reasonably sure that any single component will go down at some point. Nothing works perfectly. Few things last forever. If you have two fairly reliable components, and if they're suffciently isolated from eachother that they won't be broken by the same event, it's much less likely that they'll both break at the same time. That means that if one breaks, and you're not unlucky, you'll have time to fix it before the other breaks. If you have three components, the chances of all three being broken at once are even less than the chances of two of them being broken at once. With four, you're even safer, and so on and so forth. But once you get beyond two, you hit a point of diminishing returns pretty quickly. That doesn't mean you should always do two of any given component. Some things may be so important that you're not willing to take that level of risk and are willing to spend significantly more money to get a small amount more protection. Some things may be sufficiently unimportant that you're willing to deal with occasional outages, and you can get by without a spare (few people -- with obvious exceptions who we don't need to hear about right now -- have fully redundant home connectivity, for instance). It's just a matter of understanding the risks, and doing the cost-benefit analysis to determine how much protection you need and how much you're willing to pay for it. -Steve On Wed, 11 Nov 2009, a...@baklawasecrets.com wrote: Hi, After recent discussions on the list, I've been thinking about the affects of multiple BGP feeds to the overall resilience of Internet connectivity for my organisation. So originally when I looked at the design proposals, there was a provision in there for four connections with the same Internet provider. Thinking about it and with the valuable input of members on this list, it was obvious that multiple connections from the same provider defeated the aim of providing resilience. So having come to the decision to use two providers and BGP peer with both, I'm wondering how much more resilience I would get by peering with more than two providers. So will it significantly increase my resilience by peering with three providers for example, as both of the upstreams I choose will be multihomed to other providers. Especially as I am only looking at peering out of the UK. Hope the above makes sense. Adel
Re: Gig Throughput on IPSEC
On Nov 11, 2009, at 3:25 AM, a...@baklawasecrets.com wrote: Hi, I have a requirement to encrypt data using IPSEC over a p-t-p gig fibre link. In the past I've normally used Juniper to terminate VPNs, as I have found them excellent devices and the route based VPN functionality very useful. However looking at their range, only the ISG will do a gig of IPSEC. I'm leaning towards keeping my exising Juniper SSG550's for firewall/routing capability at each site. Then having a separate encryption devices to handle the site-to-site vpn requiring the gig throughput. Does anyone have any suggestions on devices to use? Adel Not knowing all your other needs, I won't swear to it... but would the Juniper SRX650 work for your situation? It can pass 1.5Gbps of encrypted traffic according to their datasheet. I've never actually tried to move that much data through the box so I can't testify to it. Also, the Juniper SRX3400 is advertised as handling 6Gbps of encrypted traffic. Of course, these are JunosES devices as opposed to ScreenOS, but the transition isn't as painful as you might expect. We actually use the J- series devices with JunosES as site routers/firewalls with a great deal of success.
Re: Resilience - How many BGP providers
Dylan Ebner wrote: IF you only have one entrance, all you connections are going to run through that conduit, and that makes you susceptable to a rouge backhoe. Not just the rouge ones. The big yellow ones are far more common and can do just as much damage. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
RE: Resilience - How many BGP providers
You question has many caveats. Just having two providers does not necessarily get you more resiliency. If you have two providers and they are terminating on the same router, then you still have a SPOF problem. You also need to look at pysical paths as well. If you have two (or three) providers and they are using a common carrier, then you have a problem as well. For example, GLBX has a small prescence in the Minneapolis metro. If I were to use them as a provider, they would use Qwest as a last mile. If my other provider is Qwest (which it is), I may not have path divergence. Facilities are important too. We have three upstreams; Qwest, MCI and ATT. The facility only has two entrances, so that means two of these are in the same conduit. IF you only have one entrance, all you connections are going to run through that conduit, and that makes you susceptable to a rouge backhoe. You are on the right track to question your resilancy. Some upstreams can offer good resilancy with multiple feeds. Others cannot. I would start with your provider and see what you are getting. Maybe you already have path divergence, sperate last miles, and multiple paths in the isp core. If you go with multiple providers, you want to make sure you don't risk losing something you already have. -Original Message- From: a...@baklawasecrets.com [mailto:a...@baklawasecrets.com] Sent: Wednesday, November 11, 2009 11:14 AM To: nanog@nanog.org Subject: Resilience - How many BGP providers Hi, After recent discussions on the list, I've been thinking about the affects of multiple BGP feeds to the overall resilience of Internet connectivity for my organisation. So originally when I looked at the design proposals, there was a provision in there for four connections with the same Internet provider. Thinking about it and with the valuable input of members on this list, it was obvious that multiple connections from the same provider defeated the aim of providing resilience. So having come to the decision to use two providers and BGP peer with both, I'm wondering how much more resilience I would get by peering with more than two providers. So will it significantly increase my resilience by peering with three providers for example, as both of the upstreams I choose will be multihomed to other providers. Especially as I am only looking at peering out of the UK. Hope the above makes sense. Adel
Resilience - How many BGP providers
Hi, After recent discussions on the list, I've been thinking about the affects of multiple BGP feeds to the overall resilience of Internet connectivity for my organisation. So originally when I looked at the design proposals, there was a provision in there for four connections with the same Internet provider. Thinking about it and with the valuable input of members on this list, it was obvious that multiple connections from the same provider defeated the aim of providing resilience. So having come to the decision to use two providers and BGP peer with both, I'm wondering how much more resilience I would get by peering with more than two providers. So will it significantly increase my resilience by peering with three providers for example, as both of the upstreams I choose will be multihomed to other providers. Especially as I am only looking at peering out of the UK. Hope the above makes sense. Adel
RE: Transit from Cogent - thoughts?
I also suggest reading the Wikipedia page on Cogent. -Scott -Original Message- From: Jay Moran [mailto:jay+na...@tp.org] Sent: Wednesday, November 11, 2009 10:12 AM To: a...@baklawasecrets.com Cc: nanog@nanog.org Subject: Re: Transit from Cogent - thoughts? Adel, Perhaps the best way for you to get an answer to your question without the entire list erupting for no good reason is to click on the following link which will show all messages from the NANOG mailing list about Cogent. Then you can make your decision based on past conversations as opposed to adding more messages to that archive on the topic. BTW, if you don't want to click on the link I've pasted because you are careful and prudent, just go to the nanog.markmail.org website and search for "Cogent". http://nanog.markmail.org/search/?q=cogent Good luck! Jay On Wed, Nov 11, 2009 at 10:04 AM, wrote: > > > Contemplating using Cogent Communications for transit as pricing looks > favourable. Just trying to get a feel for what sort of a reputation they > have in the network operators community. I'm sure people have horror > stories for every provider, but just trying to get a general idea of what > sort of regard they are held in the community. > > Thanks > > Adel > >
Re: Gig Throughput on IPSEC
You can run L2TPv3 (available on IOS routers) between sites, not sure about the throughput though. On Wed, Nov 11, 2009 at 2:01 AM, wrote: > > > On second thoughts, thinking about this I am probably looking for some > kind of Layer2 encryption devices. This will make things a lot easier > for the deployment. Any experiences, thoughts on these types of devices, > would be much appreciated. > > Adel > > On Wed 9:25 AM , a...@baklawasecrets.com sent: > > Hi, > > I have a requirement to encrypt data using IPSEC over a p-t-p gig fibre > link. In the past I've normally used Juniper to terminate VPNs, as I > have found them excellent devices and the route based VPN functionality > very useful. However looking at their range, only the ISG will do a gig > of IPSEC. I'm leaning towards keeping my exising Juniper SSG550's for > firewall/routing capability at each site. Then having a separate > encryption devices to handle the site-to-site vpn requiring the gig > throughput. Does anyone have any suggestions on devices to use? > > > > Adel > > >
Re: Transit from Cogent - thoughts?
Adel, Perhaps the best way for you to get an answer to your question without the entire list erupting for no good reason is to click on the following link which will show all messages from the NANOG mailing list about Cogent. Then you can make your decision based on past conversations as opposed to adding more messages to that archive on the topic. BTW, if you don't want to click on the link I've pasted because you are careful and prudent, just go to the nanog.markmail.org website and search for "Cogent". http://nanog.markmail.org/search/?q=cogent Good luck! Jay On Wed, Nov 11, 2009 at 10:04 AM, wrote: > > > Contemplating using Cogent Communications for transit as pricing looks > favourable. Just trying to get a feel for what sort of a reputation they > have in the network operators community. I'm sure people have horror > stories for every provider, but just trying to get a general idea of what > sort of regard they are held in the community. > > Thanks > > Adel > >
Re: Transit from Cogent - thoughts?
Cogent has been brought up several times over the last year. I suggest searching http://www.gossamer-threads.com/lists/nanog/users/ Otherwise you've just reopened a can of worms again. On Wed, 2009-11-11 at 15:04 +, a...@baklawasecrets.com wrote: > > Contemplating using Cogent Communications for transit as pricing looks > favourable. Just trying to get a feel for what sort of a reputation they > have in the network operators community. I'm sure people have horror > stories for every provider, but just trying to get a general idea of what > sort of regard they are held in the community. > > Thanks > > Adel >
Transit from Cogent - thoughts?
Contemplating using Cogent Communications for transit as pricing looks favourable. Just trying to get a feel for what sort of a reputation they have in the network operators community. I'm sure people have horror stories for every provider, but just trying to get a general idea of what sort of regard they are held in the community. Thanks Adel
Re: Gig Throughput on IPSEC
On second thoughts, thinking about this I am probably looking for some kind of Layer2 encryption devices. This will make things a lot easier for the deployment. Any experiences, thoughts on these types of devices, would be much appreciated. Adel On Wed 9:25 AM , a...@baklawasecrets.com sent: Hi, I have a requirement to encrypt data using IPSEC over a p-t-p gig fibre link. In the past I've normally used Juniper to terminate VPNs, as I have found them excellent devices and the route based VPN functionality very useful. However looking at their range, only the ISG will do a gig of IPSEC. I'm leaning towards keeping my exising Juniper SSG550's for firewall/routing capability at each site. Then having a separate encryption devices to handle the site-to-site vpn requiring the gig throughput. Does anyone have any suggestions on devices to use? Adel
Gig Throughput on IPSEC
Hi, I have a requirement to encrypt data using IPSEC over a p-t-p gig fibre link. In the past I've normally used Juniper to terminate VPNs, as I have found them excellent devices and the route based VPN functionality very useful. However looking at their range, only the ISG will do a gig of IPSEC. I'm leaning towards keeping my exising Juniper SSG550's for firewall/routing capability at each site. Then having a separate encryption devices to handle the site-to-site vpn requiring the gig throughput. Does anyone have any suggestions on devices to use? Adel