Absolutely agree with Bruce. For your particular setup, it would be best to
use two pseudowires (A-B and B-C) and run your own routing protocol over
them. This would (worst case, try to avoid) also allow you to transport
non-IP LAN data between sites (I don't know what DS8100 can do). However,
keep in mind that VPWS or VPLS are not 100% reliable (you might experience
packet drops, jitter or congestion), so check what's acceptable with your
SAN vendor.
As for security: don't rely on the MPLS/VPN is secure pamphlets published
by vendors and independent labs. MPLS VPN is undoubtedly infinitely better
than public Internet, but if you need true security, use IPSEC. More details
here:
http://blog.ioshints.info/2009/04/true-or-false-mpls-vpns-offer.html
Hope this helps
Ivan
http://www.ioshints.info/about
http://blog.ioshints.info/
-Original Message-
From: Bruce Pinsky [mailto:b...@whack.org]
Sent: Friday, May 29, 2009 6:27 PM
To: madunix
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] MPLS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
madunix wrote:
I have 3x sites with DS8100 SAN Storage at each side, I will be
replicating data from one side to another (A - B, synchronous,
distance 100Km) and (B-C, asynchronous, 300Km). Am thinking to use
MPLS based on IP-VPN since its secure and not visible to other
customers or internet.
Out of your experience ...what do you think about ?
Well, it's not secure, it's simply routing isolated. If
you want security, as in encryption, you will need to do that
on your own.
If you need low convergence times, MPLS/VPN is probably not
your best choice. I don't know of many (if any) providers
who will guarantee the convergence times through their
network. You should expect convergence times in the 10's of
seconds or more for certain types of failures.
You may want to consider getting an L2VPN solution such as
VPWS or VPLS and running your own routing protocol and
failure detection methods.
- --
=
bep
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkogDOQACgkQE1XcgMgrtyZGgQCfWiGT5lRQBBLSfgG20sBbXsHr
0mIAoNr/tvJ7D+aP19LhTzlz2e6aJjXP
=Cr6s
-END PGP SIGNATURE-
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/