in the mikrotik implementation with ipsec, how much less "secure" than something like an ipsec VPN tunnel? For the most part, since its all routed traffic anyway, security isnt all that great a concern, other than maybe some snmp strings I cant think of much that would matter
We do have an instance, Im assuming MPLS will be what would be best, the customer has a 10mb ptp fiber connection from another provider terminated in our NOC as a backup to their DIA with us over our wireless infrastructure, but I dont know, its all new to me On Mon, Oct 19, 2015 at 8:54 AM, Adam Moffett <[email protected]> wrote: > EoIP is non-standard, and while multiple platforms have it, they are > probably not compatible. > > The main reason to do EoIP is if you need the entire layer2 header. I use > it now and then to default a device, then bridge it's port with an EOIP > tunnel back to my office so that I can access it from my laptop on it's > default IP. > > You can also carry a full size 1500 byte packet on the EoIP tunnel....it > will be fragmented on the outer layer so there's an efficiency penalty in > doing so, so if everything works with a shorter MTU then use a shorter > MTU. I switched a VPN to an EOIP tunnel for a library whose SonicWall > broke PMTUD and thus there was packet loss on the tunneled traffic until I > switched them to EoIP. > > The other reason to do EoIP is that it's stupid simple. > > Downsides: EoIP is insecure. Supposedly it's more cpu intensive than > other types of tunnels, but in practice I haven't noticed. > > > > On 10/19/2015 2:28 AM, That One Guy /sarcasm wrote: > >> >> More interested in eoip comments, but when are these two bad ideas, eoip >> with the ipsec in particular. >> I have two scenarios where eoip will be necessary to maintain upstream >> static routing between providers, one tunnel over the interwebs and one >> tunnel over our network since our providers are geographically isolated. >> I'm having a hard time figuring out if eoip is up and coming or dying, >> everything I read says its new but the documents are old, mikrotik >> documents indicate it's proprietary but Cisco docs mention it. >> >> > -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
