J.P. King wrote:
>> Remember to also deploy IPsec to protect the iSCSI traffic. You want at
>> least IPsec with AH to get integrity protection on the wire and for cross
>> site you likely want ESP+Auth as well.
>
> How will this help given dark fibre between the sites? I'm not doing this
> over a public internet!

The IPsec AH is to ensure that you don't get corruption on the wire -
this is especially important if the iSCSI targets are not ZVOLs but even
then I'd highly recommend it. If you are happy with the physical
security of your cable then you don't need the ESP.

-- 
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
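
An added illustration of the integrity point in the reply above (not part of the original message): the 16-bit checksum that TCP carries cannot see two 16-bit words changing places, while a keyed ICV of the kind AH uses (HMAC-SHA-1-96 here) does. The key, the 512-byte block and the helper names are constructed for the example, and the ICV is computed over the payload only, which simplifies what AH actually covers.

```python
import hashlib
import hmac
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit ones' complement checksum, the kind TCP uses."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ah_style_icv(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 truncated to 96 bits, as in the HMAC-SHA-1-96 transform."""
    return hmac.new(key, data, hashlib.sha1).digest()[:12]


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Exchange two aligned 16-bit words, as a faulty device might."""
    buf = bytearray(data)
    a, b = slice(2 * i, 2 * i + 2), slice(2 * j, 2 * j + 2)
    buf[a], buf[b] = buf[b], buf[a]
    return bytes(buf)


def compare(key: bytes, block: bytes, damaged: bytes) -> dict:
    """Report which of the two checks notices the difference."""
    icv_ok = hmac.compare_digest(ah_style_icv(key, block),
                                 ah_style_icv(key, damaged))
    return {
        "changed": block != damaged,
        "checksum_detects": internet_checksum(block) != internet_checksum(damaged),
        "icv_detects": not icv_ok,
    }


# Constructed sample data: a 512-byte block and a hypothetical shared key.
KEY = b"constructed-demo-key"
BLOCK = b"".join(struct.pack("!H", n) for n in range(1, 257))
DAMAGED = swap_words(BLOCK, 3, 200)

if __name__ == "__main__":
    print(compare(KEY, BLOCK, DAMAGED))
```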