Jeff,

know that, under Linux, they do that, but it doesn't make it
correct. :-) It just makes it confusing. It's one of the reasons that I think
so many people confuse MTU and MSS.

I agree.

Just for the record, ImageStream supports but does not recommend using CIPE as our first choice. We highly encourage customers to use OpenVPN. It is more secure, far more extensible and feature-rich and has considerable market force
behind it (unlike CIPE).

That statement definately needs further clarification, as we need to define which applications you are referring to in that comment.

We use and support OPEN VPN on our routers as well. We use it frequently from customer's central office to customer's remote offices. We also were considering on using it as the VPN method between our Central Management / Monitoring PCs and our remote distributed Routers in our network redesign. For any of those Purposes, specific to a customer or our own use, CIPE would not have been our choice. I look at CIPE as a good alternative to IPSEC. I do not see how Open VPN could be a replacement for CIPE in the applications where we feel CIPE is required.

We use CIPE in one broad application. We need to make a connection between Cell Site A and Cell Site B. And between those two cell sites, the interconnecting backhaul (usually third party ethernet fiber provider ) does not support passing packets with an MTU higher than 1500 bytes. In most cases, the Fiber provider uses layer3 private IP addresses to route our data across their network. To maintain and property distribute our IP space, we need to cross these connections in some method of tunneling. We can NOT chose a method of tunneling that increases the MTU or the Fiber carrier will not pass our data across the circuit without forcing packets to be permanently fragmented. (some ISPs will drop fragmented packets as well as not Customer VPN friendly). We can not chose a tunneling method that shrinks the MTU, as then customer's data would not pass our network. The reason for us to tunnel is to maintain IP, not to provide optimal security. We need to select a VPN method that will work with any other VPN that the customer might use for their own need for their corporate network. We need to support "Any/All VPN within our VPN" compatibility. To the best of my knowledge, the only tunneling protocol to be able to handle this in an amicable way is CIPE. Because CIPE takes care of spliting the packet to fit into 1500 MTU, and reassemble packet on other end, only when needed for optimal performance.

To the best of my knowledge, OPEN VPN does not support this application as listed above. If you feel Open VPN can accomplish this, please clarify how.

(On a side note, OPEN VPN is also a technology that supports unique reasons to choose Linux routers over name brand applications like Cisco.)

Actually I'm interested in learning/comparing ANY tunneling protocol that can accomplsih the above requirements. But performance and compatibilty is a key factor. When we selected CIPE, we did it because it was able to solve the problem in the most efficient manner with the least amount of overhead to maintain performance.

Tom DeReggi
RapidDSL & Wireless, Inc
IntAirNet- Fixed Wireless Broadband

--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to