[c-nsp] MPLS
madunix
madunix at gmail.com
Sun May 31 05:42:15 EDT 2009
I agree with you all , most ip networks do not manage BW to each
connection, specailly for peak performance it can go infinity to
observe more replication copy sets, i.e. the B will never be synch
with C, at the moment am using 2Mbps for Data replication between B
and C, as finding when sites are located many miles, there can be
unacceptable delays in the completion of an I/O. Increasing the
available BW may not solve this issue ..., since am using FCIP router
between the 2xsites.
so some recommendation for managing bandwidth with FCIP over should be
done, such as
1. create VPN with QoS
2. guarantee the BW using a third party router/WAN optimizer.
3. distance
4. size of Data
5. the RTO and RTP should be defined
just my thoughts about this issue
madunix
On Sat, May 30, 2009 at 6:12 PM, Ivan Pepelnjak <ip at ioshints.info> wrote:
> Absolutely agree with Bruce. For your particular setup, it would be best to
> use two pseudowires (A-B and B-C) and run your own routing protocol over
> them. This would (worst case, try to avoid) also allow you to transport
> non-IP LAN data between sites (I don't know what DS8100 can do). However,
> keep in mind that VPWS or VPLS are not 100% reliable (you might experience
> packet drops, jitter or congestion), so check what's acceptable with your
> SAN vendor.
>
> As for security: don't rely on the "MPLS/VPN is secure" pamphlets published
> by vendors and "independent" labs. MPLS VPN is undoubtedly infinitely better
> than public Internet, but if you need true security, use IPSEC. More details
> here:
>
> http://blog.ioshints.info/2009/04/true-or-false-mpls-vpns-offer.html
>
> Hope this helps
> Ivan
>
> http://www.ioshints.info/about
> http://blog.ioshints.info/
>
>> -----Original Message-----
>> From: Bruce Pinsky [mailto:bep at whack.org]
>> Sent: Friday, May 29, 2009 6:27 PM
>> To: madunix
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] MPLS
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> madunix wrote:
>> > I have 3x sites with DS8100 SAN Storage at each side, I will be
>> > replicating data from one side to another (A - B, synchronous,
>> > distance 100Km) and (B-C, asynchronous, 300Km). Am thinking to use
>> > MPLS based on IP-VPN since its secure and not visible to other
>> > customers or internet.
>> > Out of your experience ...what do you think about ?
>> >
>>
>> Well, it's not "secure", it's simply routing isolated. If
>> you want security, as in encryption, you will need to do that
>> on your own.
>>
>> If you need low convergence times, MPLS/VPN is probably not
>> your best choice. I don't know of many (if any) providers
>> who will guarantee the convergence times through their
>> network. You should expect convergence times in the 10's of
>> seconds or more for certain types of failures.
>>
>> You may want to consider getting an L2VPN solution such as
>> VPWS or VPLS and running your own routing protocol and
>> failure detection methods.
>>
>> - --
>> =========
>> bep
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iEYEARECAAYFAkogDOQACgkQE1XcgMgrtyZGgQCfWiGT5lRQBBLSfgG20sBbXsHr
>> 0mIAoNr/tvJ7D+aP19LhTzlz2e6aJjXP
>> =Cr6s
>> -----END PGP SIGNATURE-----
>>
>>
>
>
More information about the cisco-nsp
mailing list