Anyone using uvlan out there?
mpalmer at hezmatt.org
Fri Sep 14 03:03:50 UTC 2007
On Fri, Sep 14, 2007 at 12:33:03PM +1000, Steven Haigh wrote:
> Quoting Matt Palmer <mpalmer at hezmatt.org>:
> >On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:
> >> 2. It doesn't require licensing
> >Plenty of VPN products out there are FOSS;
> Yeah - I wasn't too sure about this either. I haven't seen any VPN
> software that requires licensing in years. I didn't know anyone still
> required this?
There's plenty of lots-o-money VPN products out there; presumably that's
what they're talking about. The problem is that the statement "uvlan isn't
a VPN because it doesn't require licensing" is a ridiculous statement,
because you don't have to have a licensing requirement to be a VPN.
> >> 3. It is much simpler
> >Simpler than what?
Simple is in the eye of the beholder. Switched ethernet networks have their
complexities that routed networks don't...
> >> 4. It operates at Layer-2 (Ethernet), VPNs generally operate at
> >>Layer-3 (IP)
> >Generally, perhaps, but it's not a requirement of the term "VPN" that it be
> >an L3 transition.
> >> Layer-2 applications like gaming can't be supported with
> >>Layer-3 tunneling.
> >Plenty of games can successfully use IP.
> I was thinking more the case of joining lans. Obviously it's not a
> solution for all causes, as anything with more than 5-10 nodes per
> site and more than 2-3 sites would get pretty ugly. I think a nice
> thing would be for things that can ONLY use a local LAN due to either
> software or developer restrictions.
> >>From my understanding, this software is pretty much acting like a
> >>bridge, but with endpoints over a routed IP network.
> >>Has anyone actually used this? Thoughts? Criticisms?
> >I haven't used this particular software, but I've used OpenVPN (software of
> >the Gods, by gum) in its L2 mode, and it's OK as long as you observe all
> >the usual restrictions on LAN-like traffic over a low-bandwidth,
> >high-latency link. Most things that need to use Ethernet assume all sorts
> >of things that just don't hold over the Internet, and it causes some
> >hassles. But, engineered properly, in the correct circumstances, it can be
> >handy to bridge two or more segments over a routed network.
> I've used a lot of VPN stuff in the past, but I've usually always
> ended up doing it on a router, then had to NAT over it and all sorts
> of nasty stuff. I think this is a nicer solution if it could be
> implemented right :)
I don't think you quite got my point -- you *don't* need uvlan to bridge
Ethernet segments over a routed network; there are other products which will
do the same thing. As I said, I've used OpenVPN to do this job, and my
experiences are given in that block of text you quoted.
> >A criticism of uvlan in particular is that I wouldn't trust my network
> >security to people who sound so clueless. Their derision of VPNs, as you
> >quoted above, shows either a lack of sense or a blind hatred, using libpcap
> >in this situation gave me some chuckles, and their "What algorithms are
> >used?" page scares me a little. I'll stick with OpenVPN, myself.
> I think it's come about of a case of wanting to do stuff that won't
> work properly over a routed network (xbox games etc) - however could
> be nicer for a lot more things.
XBox games don't work over a routed network? Please tell me that XBox Live
isn't just a giant uvlan install.
When the revolution comes, they won't be able to FIND the wall.
-- Brian Kantor, in the Monastery