[c-nsp] MPLS

chris at lavin-llc.com chris at lavin-llc.com
Fri May 29 15:11:54 EDT 2009

Bruce Pinsky  sent:

>madunix wrote:
>> I have 3x sites with DS8100 SAN Storage at each side, I will be
>> replicating data from one side to another (A - B, synchronous,
>> distance 100Km) and (B-C, asynchronous, 300Km). Am thinking to use
>> MPLS based on IP-VPN  since its secure and not visible to other
>> customers or internet.
>> Out of your experience ...what do you think about ?
>Well, it's not "secure", it's simply routing isolated.  If you want
>security, as in encryption, you will need to do that on your own.
>If you need low convergence times, MPLS/VPN is probably not your best
>choice.  I don't know of many (if any) providers who will guarantee the
>convergence times through their network.  You should expect convergence
>times in the 10's of seconds or more for certain types of failures.
>You may want to consider getting an L2VPN solution such as VPWS or VPLS and
>running your own routing protocol and failure detection methods.

I agree with Bruce. To take it a step further, you can get any kind of vanilla connectivity method and run your own DMVPN. This would allow you to 
encrypt the data yourself as well as run and tweak routing protocols as desired w/in the tunnels.


More information about the cisco-nsp mailing list