China Telecom VPN problems (again)

Naslund, Steve SNaslund at medline.com
Thu Dec 6 19:24:26 UTC 2012


There are lots of carriers but unfortunately they all seem to use China
Telecom infrastructure for transport so there is not really a way to get
better Internet service there.  In our experience MPLS performs better
because China Telecom seems to hand off service to the international
MPLS carriers before the big Internet bottleneck.

Steven Naslund

-----Original Message-----
From: Christopher Morrow [mailto:morrowc.lists at gmail.com] 
Sent: Wednesday, December 05, 2012 1:25 PM
To: Tom Paseka
Cc: nanog at nanog.org
Subject: Re: China Telecom VPN problems (again)

On Wed, Dec 5, 2012 at 2:19 PM, Tom Paseka <tom at cloudflare.com> wrote:
> Its quite easy to get MPLS-VPN connectivity into China (Pacnet, 
> Singtel, CPCNet, etc, will offer), but at a price.

mpls != ipsec ... perhaps the OP wants some privacy and authentication
and such?

>
> Suzhou and Shenzhen are easily in reach of all the above listed
providers.
>
> On Wed, Dec 5, 2012 at 7:50 AM, Warren Bailey < 
> wbailey at satelliteintelligencegroup.com> wrote:
>
>> We tried to get our VPN work from the China Telecom/China Unicom 
>> beijing POP for over a year. The Chinese always claimed it was 
>> kosher, but we had something like 60%+ loss across our 4 hop VPN for 
>> the entirety of the project. Private circuits don't really exist on 
>> the mainland, HK and
>> (maybe) Shanghai are about the only places for decent connectivity. 
>> :/
>>
>> On 12/5/12 7:38 AM, "Suresh Ramasubramanian" <ops.lists at gmail.com>
wrote:
>>
>> >It's called the great firewall of china. Feel free to shift vendors 
>> >but it won't help.
>> >
>> >Meanwhile make sure none of your users are surfing for falun gong, 
>> >dalai lama, ai weiwei or whoever else the chicom censors don't like 
>> >on that particular day
>> >
>> >On Wednesday, December 5, 2012, Thomas York wrote:
>> >
>> >> It looks like I'm having China Telecom issues yet again. They're 
>> >>batting  down our SSL VPN tunnels. Switching ports doesn't help. 
>> >>Tunneling the SSL  tunnel inside of another tunnel doesn't help. At

>> >>this point I'm tired of  listening to the screaming by the business

>> >>users. Can someone contact me  (here or off-list, I don't care) 
>> >>about circuits in China so that we don't  have to use China 
>> >>Telecom? We'd only need 2-10 Mbit and Ethernet hand off.
>> >> We don't need BGP or MPLS or anything remotely fancy. Our main 
>> >>concern is  getting connectivity to the business district in 
>> >>Suzhou, but it'd be nice  if  we could also use the same carrier in

>> >>Shenzhen.
>> >>
>> >>
>> >>
>> >> Thanks!
>> >>
>> >>
>> >>
>> >> -- Thomas York
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >
>> >--
>> >--srs (iPad)
>> >
>>
>>
>>
>>




More information about the NANOG mailing list