large scale ipsec

Scott Weeks surfer at mauigateway.com
Fri Nov 1 18:30:55 UTC 2013



--- morrowc.lists at gmail.com wrote:
From: Christopher Morrow <morrowc.lists at gmail.com>

One good reason to not do link encryption is: "the problem is that
whackadoodle box you put outside the router!" :( most often those
boxes can't do light-level monitoring, loopbacks, etc... all the stuff
your NOC wants to do when 'link flapped,doh!' happens.
-----------------------------------------------------


Yes!  It is really hard to work with those things for the reasons
you mention and they tend to be the culprit quite often.  Also,
a lot of times it adds more finger pointing as there tends to be
a different group taking care of just the bulk encryptors.  Last,
I have seen some strange behaviors, such as not passing BPDUs.
That makes VLANing *phun*.  Not!

scott
