How would you implement between sites? With a VPN? If so, then why not just buy internet circuits instead of PPP circuits, since (at least in my experience) the recurring cost for the circuits is less than the cost of PPP circuits. The initial extra outlay for the VPN solution will be offset at some point by the reduction in circuit costs.
KBL

From: Andrew S. Baker [mailto:[email protected]]
Sent: Thursday, May 13, 2010 4:22 PM
To: NT System Admin Issues
Subject: Re: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question)

Always encrypt between sites...

-ASB: http://XeeSM.com/AndrewBaker

On Thu, May 13, 2010 at 4:33 PM, Matthew W. Ross <[email protected]> wrote:

I have a related question:

If you are separated, site to site, with a large layer 2 fiber network... would you put the traffic between routers over a VPN? Or is it commonplace for companies to "trust their providers" not to have a man in the middle, and just route?

I can't imagine anybody actually does this without an IPSec or OpenVPN tunnel of some kind... But I'm curious if there are.

--Matt Ross
Ephrata School District

----- Original Message -----
From: Kim Longenbaugh [mailto:[email protected]]
To: NT System Admin Issues [mailto:[email protected]]
Sent: Thu, 13 May 2010 13:05:09 -0700
Subject: RE: Network/WAN question

> It sounds like you have 10 PPP circuits to your remote sites, each
> currently a T1. You're replacing the T1s with Ethernet circuits.
>
> Just replace this:
> >Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote Site (172.21.x.x)
>
> With this:
> >Main Site (172.20.x.x) ------ Ethernet "Wan" link (192.168.x.x) ------ Remote Site (172.21.x.x)
>
> Your broadcast and collision domains would remain separate, just like
> they are now.
>
> Unless your existing routers have the Ethernet port to handle the new
> Ethernet "Wan", you'd have to do your routing with the L3 switches
> anyway, so why not dump the routers and have just one piece of network
> gear at each remote site to manage.
>
> How would this work without routing? How's traffic on 172.20.x.x get to
> 172.21.x.x, since those are separate subnets?
>
> >When setting up the Fiber, because layer 2, I do NOT have to have a
> >separate network for that WAN link anymore. I can set it up like:
> >Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site (172.21.x.x)
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Thursday, May 13, 2010 2:42 PM
> To: NT System Admin Issues
> Subject: Network/WAN question
>
> Hello. Looking for input on our current/proposed network.
>
> We have 10 sites. Each site is connected via T1 lines. There is a router
> at each site that handles the routing.
>
> We are replacing the T1 lines with fiber. The company leasing us the fiber
> is handing off an ethernet port at each site (all layer 2).
>
> My question is... Our current WAN setup with the T1s looks like this:
>
> Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote Site (172.21.x.x)
>
> The WAN link itself is on its own network.
>
> When setting up the Fiber, because layer 2, I do NOT have to have a
> separate network for that WAN link anymore. I can set it up like:
> Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site (172.21.x.x)
>
> The downside with this is, broadcasts would still travel over the Fiber
> link since the WAN link is not on a separate network. It does, however,
> simplify things for me a bit.
>
> The question is, which of the two methods would you use? Putting the
> Fiber WAN link on its own network or not?
>
> One other question. Since my HP switches at the main/remote sites are able
> to do IP Routing, would you also remove the routers (which are needed with
> the current T1 WAN links) completely from the environment and do all routing
> at the switch level? I'm leaning towards doing this and ditching the
> routers.
>
> Thanks.
> J
