High Speed IP-Sec - Summary
bicknell at ufp.org
Tue Jun 10 19:08:09 UTC 2003
Here's a summary of answers I received, thanks to all:
* Netscreen www.netscreen.com
Wide variety of products from low end 10Mbps boxes to high end 1000Mbps
boxes. Generally also firewalls, have VPN client support, and other
From a site-to-site VPN perspective the low end is priced reasonably,
where as the high end gets a bit expensive due to kitchen sink
* Cisco PIX www.cisco.com
Good variety of products from 50Mbps to 1000Mbps. Also firewalls and
in some cases IDS like boxes.
A bit high in price across the board for site-to-site VPN's, mainly
due to kitchen sink functionality.
* CipherOptics www.cipheroptics.com
Dedicated full duplex gige IPSec box, with very minimal firewall
Very good price for a site-to-site VPN and no other junk to get in the
way. A good contender for high speed IPSec.
* Cisco Accelerator Cards www.cisco.com
There are two varieties, the VAM for a 7200, and the VPNSM for a
Pricing is good for a site-to-site VPN if you already have the chassis
for other reasons and have free slots. If you have to include the
chassis and interfaces in the cost they are both a pretty expensive
* Juniper Accelerator Cards www.juniper.com
There are IPSec cards for all of the M-series boxes.
Pricing is a similar situation to Cisco. Not too bad for site-to-site
if you have the chassis, but if you're adding in the cost of a chassis
and interface cards as well you're back to a pretty expensive
* ET/R4000 http://www.etinc.com/r4000.htm
FreeBSD box with an accelerator card. Comes in 100Mbps and Gigabit
versions, probably can't quite do full gigabit, but could come close.
Priced very attractively for site-to-site VPN's, a bit of a concern
that while it's sold as a complete box with support, it's a bit less
of a "solution" than the other companies offer.
* IWill motherboards.
These don't meet my qualification, but if you're into roll your own
I will has motherboards with IPSec coprocessors onboard supported
by some free OS's:
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
More information about the NANOG