[163483] in North American Network Operators' Group
Re: PRISM: NSA/FBI Internet data mining project
daemon@ATHENA.MIT.EDU (Ryan Malayter)
Sun Jun 9 13:50:14 2013
From: Ryan Malayter <malayter@gmail.com>
In-Reply-To: <0CFF54003CD92945994CF0C0F90D81B6014EFB9F@EXCH1-FWA1.zenetra.local>
Date: Sun, 9 Jun 2013 12:49:44 -0500
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 9, 2013, at 7:20 AM, "R. Benjamin Kessler" <Ben.Kessler@zenetra.com> wrote:

> I see that there is actually a beast that will do encryption of multiple 10G waves between Cisco ONS boxes -
>
> https://www.cisco.com/en/US/prod/collateral/optical/ps5724/ps2006/at_a_glance_c45-728015.pdf
>
> How many people are actually doing this?

Not sure why you would want the massive fail that is layer-2 DCI in the first place, but you certainly don't need this sort of ridiculously expensive gear.

Packet encryption is embarrassingly parallel when you have lots of flows, and best distributed throughout the infrastructure to many endpoints. One big expensive box is one big bottleneck and one big SPOF.

We actually use cluster-to-cluster and even host-to-host IPsec SAs in certain cases.