100% less secure.  There's no encryption at all in EoIP.


On 10/19/2015 11:44 AM, That One Guy /sarcasm wrote:
In the MikroTik implementation with IPsec, how much less "secure" is it than something like an IPsec VPN tunnel? For the most part, since it's all routed traffic anyway, security isn't all that great a concern; other than maybe some SNMP strings, I can't think of much that would matter.

We do have an instance, I'm assuming MPLS will be what would be best, the customer has a 10mb ptp fiber connection from another provider terminated in our NOC as a backup to their DIA with us over our wireless infrastructure, but I don't know, it's all new to me.

On Mon, Oct 19, 2015 at 8:54 AM, Adam Moffett <[email protected]> wrote:

    EoIP is non-standard, and while multiple platforms have it, they
    are probably not compatible.

    The main reason to do EoIP is if you need the entire layer 2
    header. I use it now and then to default a device, then bridge
    its port with an EoIP tunnel back to my office so that I can
    access it from my laptop on its default IP.

    You can also carry a full size 1500 byte packet on the EoIP
    tunnel... it will be fragmented on the outer layer so there's an
    efficiency penalty in doing so, so if everything works with a
    shorter MTU then use a shorter MTU.  I switched a VPN to an EoIP
    tunnel for a library whose SonicWall broke PMTUD and thus there
    was packet loss on the tunneled traffic until I switched them to EoIP.

    The other reason to do EoIP is that it's stupid simple.

    Downsides: EoIP is insecure.  Supposedly it's more CPU intensive
    than other types of tunnels, but in practice I haven't noticed.



    On 10/19/2015 2:28 AM, That One Guy /sarcasm wrote:


        More interested in EoIP comments, but when are these two bad
        ideas, EoIP with the IPsec in particular?
        I have two scenarios where EoIP will be necessary to maintain
        upstream static routing between providers, one tunnel over the
        interwebs and one tunnel over our network since our providers
        are geographically isolated.
        I'm having a hard time figuring out if EoIP is up and coming
        or dying, everything I read says it's new but the documents are
        old, MikroTik documents indicate it's proprietary but Cisco
        docs mention it.





--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
