[166597] in North American Network Operators' Group
Re: large scale ipsec
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Nov 1 11:08:11 2013
In-Reply-To: <1383316222.57868.YahooMailMobile@web142806.mail.bf1.yahoo.com>
Date: Fri, 1 Nov 2013 11:07:47 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: David Barak <thegameiam@yahoo.com>
Cc: nanog list <nanog@nanog.org>
On Fri, Nov 1, 2013 at 10:30 AM, David Barak <thegameiam@yahoo.com> wrote:
> Hi Jan,
>
> Please define "large scale". Is that by number of endpoints, throughput, or some other metric? How big is big?
>
It's fair to believe that there are 'lots' of IPsec deployments where
there are ~1000 or so endpoints (network endpoints) connected in a
'vpn'. There are also certainly large volume IPsec deployments (I
recall an IPsec VPN problem at a former company for a single 400mbps
'flow' between endpoints, maybe David remembers this as well).

One might look at MS's documentation about deploying end-to-end IPsec
in their enterprise for one example of peer-to-peer ubiquitous IPsec.

It'd sure be helpful to have some dimensions to the OP's question though.

-chris