[58996] in North American Network Operators' Group
Re: High Speed IP-Sec - Summary
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Tue Jun 10 15:08:44 2003
Date: Tue, 10 Jun 2003 15:08:09 -0400
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <20030609200318.GA8113@ussenterprise.ufp.org>
Errors-To: owner-nanog-outgoing@merit.edu
--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Here's a summary of answers I received, thanks to all:
* Netscreen www.netscreen.com
Wide variety of products from low end 10Mbps boxes to high end 1000Mbps
boxes. Generally also firewalls, have VPN client support, and other
features.
From a site-to-site VPN perspective the low end is priced reasonably,
where as the high end gets a bit expensive due to kitchen sink
functionality.
* Cisco PIX www.cisco.com
Good variety of products from 50Mbps to 1000Mbps. Also firewalls and
in some cases IDS like boxes.
A bit high in price across the board for site-to-site VPN's, mainly
due to kitchen sink functionality.
* CipherOptics www.cipheroptics.com
Dedicated full duplex gige IPSec box, with very minimal firewall
filters.
Very good price for a site-to-site VPN and no other junk to get in the
way. A good contender for high speed IPSec.
* Cisco Accelerator Cards www.cisco.com
There are two varieties, the VAM for a 7200, and the VPNSM for a
Cat6509.
Pricing is good for a site-to-site VPN if you already have the chassis
for other reasons and have free slots. If you have to include the
chassis and interfaces in the cost they are both a pretty expensive
solution.
* Juniper Accelerator Cards www.juniper.com
There are IPSec cards for all of the M-series boxes.
Pricing is a similar situation to Cisco. Not too bad for site-to-site
if you have the chassis, but if you're adding in the cost of a chassis
and interface cards as well you're back to a pretty expensive
solution.
* ET/R4000 http://www.etinc.com/r4000.htm
FreeBSD box with an accelerator card. Comes in 100Mbps and Gigabit
versions, probably can't quite do full gigabit, but could come close.
Priced very attractively for site-to-site VPN's, a bit of a concern
that while it's sold as a complete box with support, it's a bit less
of a "solution" than the other companies offer.
* IWill motherboards.
These don't meet my qualification, but if you're into roll your own
I will has motherboards with IPSec coprocessors onboard supported
by some free OS's:
http://www.iwill.net/products/ProductDetail.asp?vID=3D129&CID=3D110
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
--17pEHd4RhPHOinZp
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE+5iyZNh6mMG5yMTYRAvwkAJ9Y8YmUQCrBXk+WwIRkol0jqOkmGQCeK5W6
eKQh6PQLzwR0aY0UL1irS7s=
=PTwu
-----END PGP SIGNATURE-----
--17pEHd4RhPHOinZp--
