[VoiceOps] IPSec VPN server

Jimmy Hess mysidia at gmail.com
Mon Jan 21 00:37:12 EST 2013 

On 1/20/13, Eric Wieling <EWieling at nyigc.com> wrote:

There are very few networking products in existence that haven't had
some kind of software stability problem  or bad hardware design
problem at one time or another; so don't mark down earlier version
experience against MicroTik.

I can tell you with certainty, that PIX515s  crash too, and in certain
configurations have very serious stability issues in certain
situations;  so do ASAs, and just about any router from any vendor.
There aren't many non-trivial devices you can't say that kind of thing
about.  Manufacturer instructions,  and running appropriate firmware
versions, are very important.


If it's a requirement that you have less than 1 crash a year,  then
that would most likely require something that can be used in a
failover pair;  possibly two of those PIX 51xx s.

Otherwise, there is really  no way on earth to have a significant
level of assurance of availability.
If you don't require an extensive feature set;  usually using the
simplest device and simplest software possible, will give you fewer
things that can break.

Using devices with more complex elements, like general purpose
computers with spinning disks,  would be asking for trouble,  even
though off the shelf servers that can run Linux are cheap.

Make sure the configuration will be simple, a common configuration for
the device, and fully supported and warranted by the manufacturer.

I definitely do expect the mature  appliance  products on stable
codebases,  which have more engineering into them, when used in fully
supported configurations to be on average a lot  more reliable than
some MicroTik components -- but the fact of the matter is  you might
have the bad luck of the draw,  in regards to hardware,  even with  a
competitors' device costing 100x as much.

Regardless of manufacturer, some percentage of the components will
have defects,  it could be a hardware defect so minor that it just
causes on average 2 crashes a year.


> We are looking for something which crashes LESS than once per year.   "had a
> few stability problems" doesn't give me a warm fuzzy feeling about the
> product.    Configuration management is nice, but how important is it for a
> device which is never modified and has only one tunnel?

--
-JH

More information about the VoiceOps mailing list