China Telecom VPN problems (again)

Warren Bailey wbailey at
Wed Dec 5 19:48:31 UTC 2012

Since when is heavy encryption cool in China? Export restrictions smoke all of the decent crypto options. Secondly, anything that is going to happen mpls wise is going to go through MIIT.. You would be shocked how long licenses could take. I was the senior engineer on a project that involved in-flight connectivity via satellite, 2 years later and there are still no licenses. When I asked the Chinese officials (senior party officials) about an unrestricted pipe past the great firewall I was laughed out of the room.. The Chinese exert total control of outbound data on the mainland. Even when you get the OK to turn up, they still want a hard feed into their DPI, in our case knowing the sites (foreign flagged aircraft) transiting the network were only in their AIRSPACE. China is a cool place, but you need to take your patience and checkbook if you want to have any hope in getting what you want.

>From my Galaxy Note II, please excuse any mistakes.

-------- Original message --------
From: Tom Paseka <tom at>
Date: 12/05/2012 11:27 AM (GMT-08:00)
To: Christopher Morrow <morrowc.lists at>
Cc: Warren Bailey <wbailey at>,nanog at
Subject: Re: China Telecom VPN problems (again)

On Wed, Dec 5, 2012 at 11:25 AM, Christopher Morrow <morrowc.lists at<mailto:morrowc.lists at>> wrote:
On Wed, Dec 5, 2012 at 2:19 PM, Tom Paseka <tom at<mailto:tom at>> wrote:
> Its quite easy to get MPLS-VPN connectivity into China (Pacnet, Singtel,
> CPCNet, etc, will offer), but at a price.

mpls != ipsec ... perhaps the OP wants some privacy and authentication and such?

run IPSEC over the MPLS-VPN. It'll be a lot more stable than over public internet.

More information about the NANOG mailing list