large multi-site enterprises and PI prefix [Re: who gets a /32 [Re: IPV6 renumbering painless?]]
Chris Kuethe
chris.kuethe at gmail.com
Mon Nov 22 18:58:06 UTC 2004
On Mon, 22 Nov 2004 20:24:15 +0200 (EET), Pekka Savola
<pekkas at netcore.fi> wrote:
>
>
>
> On Sun, 21 Nov 2004 bmanning at vacation.karoshi.com wrote:
> >> This seems to imply several things:
> >> - when having lots of sites, you typically want to obtain local
> >> Internet connectivity, because transporting all the traffic over
> >> links or VPNs is a pretty heavy business
> >
> > this is an assertion which many have claimed is false.
> > based on empericial evidence.
> ...
> Care to offer a couple of examples of this empirical evidence ?
Well you'll have to get some kind of link unless you don't want to
move packets. Leave it up to the business case to dictate your
connection type. At least on the topic of backhauling traffic over the
vpn, it's really no worse than having all your offices connect back to
the central site in plaintext. Crypto is cheap these days.
When my 133MHz home firewall can push 50Mbps down the vpn with a $70
crypto board, there's no way a simple VPN can be considered "pretty
heavy business". Look at all the CPU vendors squawking about on-die
crypto (to say nothing of the vendors of crypto cards). There are a
number of decent vendors of VIA C3 based systems without any need for
moving parts that'll give you full duplex crypto on 3 100mbit links
with processor time and bus cycles to spare.
/me waits for Henning to say something about openbsd and C3's...
--
GDB has a 'break' feature; why doesn't it have 'fix' too?
More information about the NANOG
mailing list