[c-nsp] MPLS

Ivan Pepelnjak ip at ioshints.info
Sat May 30 12:12:02 EDT 2009

Absolutely agree with Bruce. For your particular setup, it would be best to
use two pseudowires (A-B and B-C) and run your own routing protocol over
them. This would (worst case, try to avoid) also allow you to transport
non-IP LAN data between sites (I don't know what DS8100 can do). However,
keep in mind that VPWS or VPLS are not 100% reliable (you might experience
packet drops, jitter or congestion), so check what's acceptable with your
SAN vendor.

As for security: don't rely on the "MPLS/VPN is secure" pamphlets published
by vendors and "independent" labs. MPLS VPN is undoubtedly infinitely better
than public Internet, but if you need true security, use IPSEC. More details


Hope this helps

> -----Original Message-----
> From: Bruce Pinsky [mailto:bep at whack.org] 
> Sent: Friday, May 29, 2009 6:27 PM
> To: madunix
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] MPLS
> Hash: SHA1
> madunix wrote:
> > I have 3x sites with DS8100 SAN Storage at each side, I will be 
> > replicating data from one side to another (A - B, synchronous, 
> > distance 100Km) and (B-C, asynchronous, 300Km). Am thinking to use 
> > MPLS based on IP-VPN  since its secure and not visible to other 
> > customers or internet.
> > Out of your experience ...what do you think about ?
> > 
> Well, it's not "secure", it's simply routing isolated.  If 
> you want security, as in encryption, you will need to do that 
> on your own.
> If you need low convergence times, MPLS/VPN is probably not 
> your best choice.  I don't know of many (if any) providers 
> who will guarantee the convergence times through their 
> network.  You should expect convergence times in the 10's of 
> seconds or more for certain types of failures.
> You may want to consider getting an L2VPN solution such as 
> VPWS or VPLS and running your own routing protocol and 
> failure detection methods.
> - --
> =========
> bep
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 0mIAoNr/tvJ7D+aP19LhTzlz2e6aJjXP
> =Cr6s

More information about the cisco-nsp mailing list