To me the fact you don't need vpn is one of the main selling point for these products (and mpls networks in general).
MPLS networks seem to have been more common place here in Aus than the US until recently. I certainly haven't bothered with vpn's for many years now as they just add more complexity. I can understand why some people add the extra layer of security though. However if you feel you have to run a vpn then I'd say get a better provider. -----Original Message----- From: Matthew W. Ross [mailto:[email protected]] Sent: Friday, 14 May 2010 6:34 AM To: NT System Admin Issues Subject: Hijacked Thread: All WAN over VPN? (Was: RE: Network/WAN question) I have a related question: If you are separated, site to site, with a large layer 2 fiber network... would you put the traffic between routers over a VPN? Or is it common place for companies to "trust their providers" not to have a man in the middle, and just route? I can't imagine anybody actually does this without an IPSec or OpenVPN tunnel of some kind... But I'm curious if there are. --Matt Ross Ephrata School District ----- Original Message ----- From: Kim Longenbaugh [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Thu, 13 May 2010 13:05:09 -0700 Subject: RE: Network/WAN question > It sounds like you have 10 PPP circuits to your remote sites, each > currently a T1. You're replacing the T1s with Ethernet circuits. > > Just replace this: > >Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote > Site > >(172.21.x.x) > > With this: > >Main Site (172.20.x.x) ------ Ethernet "Wan" link (192.168.x.x) > >------ > Remote Site > >(172.21.x.x) > > Your broadcast and collision domains would remain separate, just like > they are now. > > Unless your existing routers have the Ethernet port to handle the new > Ethernet "Wan", you'd have to do your routing with the L3 switches > anyway, so why not dump the routers and have just one piece of network > gear at each remote site to manage. > > > How would this work without routing? How's traffic on 172.20.x.x get > to 172.21.x.x, since those are separate subnets? > > >When setting up the Fiber, because layer 2, I do NOT have to have a > >seperate network for that WAN link anymore. I can set it up like: > >Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site > (172.21.x.x) > > > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Thursday, May 13, 2010 2:42 PM > To: NT System Admin Issues > Subject: Network/WAN question > > > Hello. Looking for input on our current/proposed network. > > We have 10 sites. Each site is connected via T1 lines. There is a > router at each site that handles the routing. > > We are replacing the T1 lines with fiber. The company leasing us the > fiber is handing off an ethernet port at each site (all layer 2). > > My question is... Our current WAN setup with the T1s looks like this: > > Main Site (172.20.x.x) ------ T1 Wan link (192.168.x.x) ------ Remote > Site > (172.21.x.x) > > The WAN link itself is on it's own network. > > When setting up the Fiber, because layer 2, I do NOT have to have a > seperate network for that WAN link anymore. I can set it up like: > Main Site (172.20.x.x) ------ Fiber Link ------- Remote Site > (172.21.x.x) > > The downside with this is, broadcasts would still travel over the > Fiber link since the WAN link is not on a seperate network. It does > however, simplify things for me a bit. > > The question is, which of the two methods would you use? Putting the > Fiber WAN link on it's own network or, not? > > One other question. Since my HP switches at the main/remote sites are > able to do IP Routing, would you also remove the routers (which are > needed with the current T1 WAN links) completly from the enviroment > and do all routing at the switch level? I'm leaning towards doing > this and ditching the routers. > > Thanks. > J > > > > > -------------------------------------------------------------------- > mail2web.com - What can On Demand Business Solutions do for you? > http://link.mail2web.com/Business/SharePoint > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
