Re: [c-nsp] MPLS

2009-05-30 Thread Ivan Pepelnjak 
Absolutely agree with Bruce. For your particular setup, it would be best to
use two pseudowires (A-B and B-C) and run your own routing protocol over
them. This would (worst case, try to avoid) also allow you to transport
non-IP LAN data between sites (I don't know what DS8100 can do). However,
keep in mind that VPWS or VPLS are not 100% reliable (you might experience
packet drops, jitter or congestion), so check what's acceptable with your
SAN vendor.

As for security: don't rely on the MPLS/VPN is secure pamphlets published
by vendors and independent labs. MPLS VPN is undoubtedly infinitely better
than public Internet, but if you need true security, use IPSEC. More details
here:

http://blog.ioshints.info/2009/04/true-or-false-mpls-vpns-offer.html

Hope this helps
Ivan
 
http://www.ioshints.info/about
http://blog.ioshints.info/

 -Original Message-
 From: Bruce Pinsky [mailto:b...@whack.org] 
 Sent: Friday, May 29, 2009 6:27 PM
 To: madunix
 Cc: cisco-nsp@puck.nether.net
 Subject: Re: [c-nsp] MPLS
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 madunix wrote:
  I have 3x sites with DS8100 SAN Storage at each side, I will be 
  replicating data from one side to another (A - B, synchronous, 
  distance 100Km) and (B-C, asynchronous, 300Km). Am thinking to use 
  MPLS based on IP-VPN  since its secure and not visible to other 
  customers or internet.
  Out of your experience ...what do you think about ?
  
 
 Well, it's not secure, it's simply routing isolated.  If 
 you want security, as in encryption, you will need to do that 
 on your own.
 
 If you need low convergence times, MPLS/VPN is probably not 
 your best choice.  I don't know of many (if any) providers 
 who will guarantee the convergence times through their 
 network.  You should expect convergence times in the 10's of 
 seconds or more for certain types of failures.
 
 You may want to consider getting an L2VPN solution such as 
 VPWS or VPLS and running your own routing protocol and 
 failure detection methods.
 
 - --
 =
 bep
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.9 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iEYEARECAAYFAkogDOQACgkQE1XcgMgrtyZGgQCfWiGT5lRQBBLSfgG20sBbXsHr
 0mIAoNr/tvJ7D+aP19LhTzlz2e6aJjXP
 =Cr6s
 -END PGP SIGNATURE-
 
 

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Latest IOS for sup1/msfc2

2009-05-30 Thread Lamar Owen 
On Friday 29 May 2009 10:42:32 am Bill Blackford wrote:
 Is the 12.1 the latest series for this switch?

Yes.

 What is 12.1 E?

Enterprise train.

Variants are also found on the Catalyst 8540 CSR and MSR, Cat 8510 CSR/MSR, 
and Lightstream 1010.  A 12.1E was also available for 7500 and 7200, I think.  
Not sure of other platforms.

12.1E was maintained long after 12.1 regular went EOL.

You'll have to look at feature navigator or software advisor to get the 
details, but do take what feature navigator has to say with a teaspoon of 
salt.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/