Actually I will be running GB-Flash units at all the major sites on decent P4 hardware. Small sites will be running Roboxes as I can't sell a $1500-2000 solution to a 10-20 user office.
Chris Green -----Original Message----- From: Cox, Danny H. [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 12:53 PM To: Chris Green; Gnatbox Subject: RE: [gb-users] VPN Routing (Centralization) GTA: What is the cap on concurrent, dedicated VPN connections for both the Robox and the PRO? Chris, I assume you want Robox because they are already available to you - no purchases needed. If not, I would go with GB-Pro or 1000. I have used GB-PRO's with full T1 services and seen as little as 2% to 6% usage with 3 VPN connections, all at full T1 saturation. This was in a B2B development environment, and the GB was on a PII-450 platform. The nice thing about the PRO is ability to easily move to faster hardware. Use the Robox at the 50 remotes and Pro's at the bundle points. I believe you should be able to connect about 10 to 15 remotes per bundle. This would reduce the number of bundles tied into the central office (Corporate site) to about 4. I believe this is a very reasonable solution. You will need to calculate the routing tables, but once it is laid out, you will be able to easily add more remotes, and/or bundles. If GB cannot handle the traffic at the central point, use a Nortel Conntivity box - Check out Ebay! This should address most all the performance and management issues. Danny -----Original Message----- From: Chris Green [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 10:14 AM To: Cox, Danny H.; 'Gnatbox' Subject: RE: [gb-users] VPN Routing (Centralization) That's helpful, but the main question is whether Gnatbox is capable now of concentrating like that. Building out as a multi-hub environment is totally realistic and I'd prefer to do it.. But the last time I worked with large-scale VPN deployments with Gnatbox you had to do a full mesh to allow communications. I'm concerned more about the ability to a Robox to handle an excessive amount of VPN definitions, and the management overhead of changing it in every place. Consolidating to a few hubs and having small sites VPN in from there will work just fine with me if it is now possible. Chris Green -----Original Message----- From: Cox, Danny H. [mailto:[EMAIL PROTECTED] Sent: Friday, March 21, 2003 12:00 PM To: Chris Green; Gnatbox Subject: RE: [gb-users] VPN Routing (Centralization) Can you elaborate? 50 + seems rather high. I would think the pipe needed would be on the order of an OC3 if you want any real performance; especially if there are multiple systems at each site. I would suggest a tiered environment where the remotes are bundled into subgroups and the bundles are tied into a corporate wan, this may prove more effective. This should allow all the remotes joint communication while reducing the hellish task of managing massive amounts of single point traffic. The bundles can be configured based on geographic proximity, with the corporate point as the center. This also should help in setting up a war room where all servers and firewalls can be managed via a single group through encrypted tunnels... The rest should be a matter of routing tables... It is just a thought. One that I hope helps. All constructive comments are welcome to my babbling madness. Danny -----Original Message----- From: Chris Green [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 10:59 PM To: Gnatbox Subject: [gb-users] VPN Routing (Centralization) I am likely to be selling a large deployment of GnatBox in a branch-office type configuration. The company currently uses Raptor and has had their fill of the issues that Raptor brings with it. Is it possible for these remote sites (50+ remote sites) to route traffic through a single VPN connection to the corporate site as a hub for VPN traffic? In my years of using GTA products I have never known this to be a feature, but to manage 50+ tunnels on each of 50+ devices seems to be a looming nightmare. Most traffic is between the branch and corporate, but we will need to be able to facilitate the ocaisional need for communication branch to branch. Thanks, Chris Green --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[EMAIL PROTECTED]
