VPN over satellite

Mike Hale eyeronic.design at gmail.com
Mon Apr 30 23:01:12 CDT 2012


"You can then use
traditional encryption to your satellite provider (or take Ethernet handoff
at the satellite earth station with co-located equipment, if appropriate)."
True...except for most audit/regulatory purposes, having the traffic
unencrypted in any part of the chain is unacceptable.

"Just obtain a bigger space
segment.  It's literally scalable to at least ~35 megabit with ease by
buying the appropriate sized pipe."
True, but you have to make sure you have the right modem.  The
majority of modems in VSAT stacks can go up to ~10mbps.  You usually
have to shell out quite a bit more money to get a modem capable of
handling larger bandwidths.

"Otherwise, if this is not adequate you can use any traditional acceleration
solution at the end sites, just check with the vendor for how optimized
they are for your latency scenario."
Exactly.  Figuring out *what* specifically you want to accelerate is
vital.  Virtually any accelerator on the market can handle FTP, HTTP
and other simple protocols.  It takes a lot of know-how to properly
accelerate some of the more complex ones.

On Mon, Apr 30, 2012 at 7:58 PM, PC <paul4004 at gmail.com> wrote:
> Most satellite modems offer built in TCP acceleration options heavily
> optimized for VSAT use and an encryption option (proprietary to their
> hardware only) which is probably your best bet.  You can then use
> traditional encryption to your satellite provider (or take Ethernet handoff
> at the satellite earth station with co-located equipment, if appropriate).
>
> Otherwise, if this is not adequate you can use any traditional acceleration
> solution at the end sites, just check with the vendor for how optimized
> they are for your latency scenario.
>
> For various reasons, you're best not bonding.  Just obtain a bigger space
> segment.  It's literally scalable to at least ~35 megabit with ease by
> buying the appropriate sized pipe.  Otherwise if you must bond I suggest
> you consider traditional ip routing mechanisms to do so on a per-flow basis.
>
>
>
> On Mon, Apr 30, 2012 at 3:42 AM, Rens <rens at autempspourmoi.be> wrote:
>
>> Dear,
>>
>>
>>
>> Could anybody recommend any hardware that can build a VPN that works well
>> over satellite connections? (TCP enhancements)
>>
>> I want to setup a L3 VPN between 2 satellite connections
>>
>>
>>
>> Even additionally if that hardware would also support WAN bonding even
>> better because I also have a scenario to connect 2 times 2 satellites to
>> have more capacity for my L3 VPN
>>
>>
>>
>> Regards,
>>
>>
>>
>> Rens
>>
>>
>>
>>
>>
>>



-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



More information about the NANOG mailing list