[158628] in North American Network Operators' Group
Re: China Telecom VPN problems (again)
daemon@ATHENA.MIT.EDU (Warren Bailey)
Wed Dec 5 14:49:07 2012
From: Warren Bailey <wbailey@satelliteintelligencegroup.com>
To: "tom@cloudflare.com" <tom@cloudflare.com>, "morrowc.lists@gmail.com"
<morrowc.lists@gmail.com>
Date: Wed, 5 Dec 2012 19:48:31 +0000
In-Reply-To: <CAL89Sg+KYjTA9d8=V1g63uAuqxn31KSeSJKnrbRsyyX+HQwM3g@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: Warren Bailey <wbailey@satelliteintelligencegroup.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Since when is heavy encryption cool in China? Export restrictions smoke all
of the decent crypto options. Secondly, anything that is going to happen
mpls wise is going to go through MIIT.. You would be shocked how long
licenses could take. I was the senior engineer on a project that involved
in-flight connectivity via satellite, 2 years later and there are still no
licenses. When I asked the Chinese officials (senior party officials) about
an unrestricted pipe past the great firewall I was laughed out of the room..
The Chinese exert total control of outbound data on the mainland. Even when
you get the OK to turn up, they still want a hard feed into their DPI, in
our case knowing the sites (foreign flagged aircraft) transiting the network
were only in their AIRSPACE. China is a cool place, but you need to take
your patience and checkbook if you want to have any hope in getting what you
want.
From my Galaxy Note II, please excuse any mistakes.
-------- Original message --------
From: Tom Paseka <tom@cloudflare.com>
Date: 12/05/2012 11:27 AM (GMT-08:00)
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: Warren Bailey <wbailey@satelliteintelligencegroup.com>,nanog@nanog.org
Subject: Re: China Telecom VPN problems (again)
On Wed, Dec 5, 2012 at 11:25 AM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Dec 5, 2012 at 2:19 PM, Tom Paseka <tom@cloudflare.com> wrote:
> It's quite easy to get MPLS-VPN connectivity into China (Pacnet, Singtel,
> CPCNet, etc, will offer), but at a price.
mpls != ipsec ... perhaps the OP wants some privacy and authentication and such?
run IPSEC over the MPLS-VPN. It'll be a lot more stable than over public internet.