On Wed, Oct 30, 2013 at 10:55 PM, coderman <[email protected]> wrote:
> On Wed, Oct 30, 2013 at 11:35 AM, Gregory Foster
> <[email protected]> wrote:
>> ... According to a top secret accounting dated Jan. 9, 2013,
>> NSA’s acquisitions directorate sends millions of records
>> every day from Yahoo and Google internal networks ...
>> The NSA’s principal tool to exploit the data links is a
>> project called MUSCULAR, operated jointly with the
>> agency’s British counterpart, GCHQ. From undisclosed
>> interception points, the NSA and GCHQ are copying
>> entire data flows across fiber-optic cables that carry
>> information between the data centers...
>
>
> encryption between sites would eliminate the risk above on private
> fiber. you can easily accomplish this today via various means. (some
> businesses already VPN over private dedicated fiber)
>
> if you wanted to protect every host in every data center end-to-end
> would you go with IPsec or OpenVPN or other?
>
> what is the largest IPsec deployment on record? (transport, not tunnel mode)
>
> how would you handle key management / key exchange for such a system?

Post the above to NANOG.

Anyone can put 10G NICs in router PCs and easily pass more than 1G. But big fiber links are 10/40/100G per wave. You'd need some very fast ASIC link encryptors for that or offload it to your hosts doing IPsec between your cages/DCs.

Yahoo, Google, etc. may peer but they almost certainly don't own the fiber they do it over, the tier-n's they buy from do, or the raw fiber providers do. Though they can often attach leased fiber direct to their shelves.

These questions are a bit mixed into different areas. You're either talking bandwidth consumers trying to encrypt, or the bandwidth providers getting together to encrypt their backbones. Very different things.
