Re: L2 redundant VPN
Can you enable AES-NI on your OpenVPN servers? Any newer Intel Xeon chipset should support it, but it is usually disabled (BIOS) by default.

There are more tuning tips at http://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux

- Original Message -
From: Tomas Podermanski tpo...@cis.vutbr.cz
To: nanog@nanog.org
Sent: Monday, January 21, 2013 3:37:55 PM
Subject: L2 redundant VPN

Hi networking guys,

I need some help :-). We are trying to find a reliable L2 VPN solution for our department. The task is to connect two remote data centers, each of them connected with two 1Gbps lines (with link aggregation). Only IP connectivity between the data centers is available (so there is no possibility to create a circuit based on MPLS or something like that). The basic problem is that high reliability is required, so the solution has to be fully redundant.

The initial idea was about two OpenVPN servers in each data center + two switches (HP E5800) joined into one logical switch via VRF. The link failure is based on LACP packets between both data centers. The solution works, however performance of OpenVPN is really creepy. The maximum we were able to get from this configuration was about 100Mbps. We expect at least 500Mbps (or more in the future).

We were then thinking about L2TP on some Cisco/HP (H3C) device, however there is little information about the performance of that solution and I am not sure how the failure detection would work in a redundant configuration.

Does anybody have some experience with a similar solution, or at least any idea?

Thanks a lot for thoughts
Tomas
Re: Looking for recommendation on 10G Ethernet switch
You may want to take a look at the Brocade VDX 6720; it provides 16 10Gb ports, with 8 ports on demand with an additional license. They are very reasonable, esp. if you only need 16 ports. Maintenance costs are less than Cisco.

- Original Message -
From: Eric Germann egerm...@limanews.com
To: nanog@nanog.org
Sent: Friday, November 2, 2012 10:13:01 AM
Subject: Looking for recommendation on 10G Ethernet switch

Colleagues,

I'm looking for a recommendation on a smallish 10G Ethernet switch for a small virtualization/SAN implementation (4-5 hosts, 2 SAN boxes) over iSCSI with some legacy boxes on GigE.

Preferably
- 8-16 10G ports
- several GigE ports for legacy GigE hosts or cross connect to a legacy GigE switch
- preferably not a large chassis based solution with blades

The hosts aren't going to be driving full line rate, nor the SAN boxes providing full line rate, but their offered loads will definitely exceed 1Gbps.

Assessing whether it is better to go 10G now vs. multi-pathing with quad GigE cards.

Trying to find the best solution for 1G on a trunk and $50K per box.

Any recommendations appreciated.

Thanks
EKG
Re: Network Storage
If this is just for post analysis and you have another system (IDS) to identify the timeframe, a tape based system might be a better approach, esp. if you want to retain forever.

Maybe Library LTFS

- Original Message -
From: John T. Yocum john.yo...@fluidhosting.com
To: Valdis Kletnieks valdis.kletni...@vt.edu
Cc: nanog@nanog.org
Sent: Thursday, April 12, 2012 5:37:38 PM
Subject: Re: Network Storage

On 4/12/2012 2:34 PM, valdis.kletni...@vt.edu wrote:

On Thu, 12 Apr 2012 14:18:30 -0700, John T. Yocum said:

In that case, just keep adding disks to your capture system, or use a NAS to do it.

On Thu, 12 Apr 2012 13:43:49 -0700, Joel jaeggli said:

1TB is 2.276 hours at 1Gb/s

If he's got a gigabit of traffic, he's going to be adding another shelf of 12 1T drives to that NAS - every day. If he gets the high-density shelves with 60 drives, he's only adding one a week.

He's going to have to work smarter, not harder.

He did indicate he's only storing the headers and a few bytes, not the full payload.

--John