RE: (IPSec alternatives)

From: Truman, Michelle, RTSLS (mtruman@att.com)
Date: Thu Jun 12 2003 - 13:57:45 GMT-3

• Next message: Pratt, Jeremy: "RE: R&S MPLS"
• Previous message: Castelino, Flavian: "RE: switching::DHCP pool choice"
• Maybe in reply to: McCallum, Robert: "RE: (IPSec alternatives)"
• Next in thread: Peter van Oene: "RE: (IPSec alternatives)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The only thing that protects you from the provider is dark fiber and
private line. Beyond that, you are on a partitioned network. Many
thousands of folks have been comfortable with frame and atm. VRF is no
different. You have vulnerability in the provisioning process, so you
better be with a carrier who has systems designed to scale provisioning
and safeguards for provisioning errors.

Michelle Truman CCIE # 8098
Principal Technical Consultant
AT&T Solutions Center
mailto:mtruman@att.com
Work: 651-998-0949

-----Original Message-----
From: Peter van Oene [mailto:pvo@usermail.com]
Sent: Thursday, June 12, 2003 9:31 AM
To: 'ccielab@groupstudy.com'
Subject: RE: (IPSec alternatives)

At 08:33 AM 6/12/2003 +0100, McCallum, Robert wrote:
>why use IPSEC dont you trust MPLS vrfs?

VRFs do not protect you from the provider, or any intermediary providers
in
a carrier of carrier networks. I imagine some folks might be
uncomfortable
with this.

Pete

> > -----Original Message-----
> > From: Howard C. Berkowitz [mailto:hcb@gettcomm.com]
> > Sent: 11 June 2003 23:06
> > To: 'ccielab@groupstudy.com'
> > Subject: Re: (IPSec alternatives)
> >
> >
> > At 8:57 PM +0100 6/11/03, R&S Groupstudy wrote:
> > >Hi,
> > >
> > >Please can I hear peoples views on the following:
> > >
> > >I want to connect three sites together via the internet. (I
> > just made this
> > >up)
> >
> > Before going farther, you need to a bit more defining of the problem
> > you want to solve, as well as the technology. I think of VPDN as
> > virtual private dial network, so where is the dialing if you are
> > running over the Internet? To the ISP?
> >
> > Are there other kinds of data not requiring security that need to go
> > over the same tunnels, which would be a reason for GRE?
> >
> > Where is the IPSec encryption taking place? Hosts? Your
> > gateways? ISP gateways?
> >
> > >
> > >I have FW IOS feature set routers .
> > >
> > >what are the pros and cons of implementing
> > >
> > >1. native IPSEC
> > >2. IPSEC over GRE tunnels
> > >3. IPsec using VPDN peering beyween routers.
> > >
> > >cheers
> > >
> > >Adam

• Next message: Pratt, Jeremy: "RE: R&S MPLS"
• Previous message: Castelino, Flavian: "RE: switching::DHCP pool choice"
• Maybe in reply to: McCallum, Robert: "RE: (IPSec alternatives)"
• Next in thread: Peter van Oene: "RE: (IPSec alternatives)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:57 GMT-3