The MPLS-OPS Archive

RE: Questions about MPLS
Danny wrote:

> I prefer the CE-based IPSEC stuff. The difference should be
> obvious (e.g., the SP sees nothing beyond standard IP packets)

>> ...sure. But is IPSec at the CE more scalable than MPLS VPN at the
>> PE?

>As far as the SP is concerned, absolutely!

How is this obvious or scalable??? First of all, you're assuming that any type of CPE an SP's customer wants to use supports IPsec, which is not at all true. Secondly, IPsec has a very limiting factor in scalability - the encryption/decryption "tax". Third, IPsec makes it very difficult for an SP to assist a customer in troubleshooting problems, since the SP intermediate devices can't see what's going on inside the IPsec ESP payload.

Look, I've got enough trouble trying to explain to customers why they can't actually get 1.544 Mbps off of a T-1, let alone trying to get them to buy into a technology that means they will take a performance hit for IPsec, so they'll have to buy a bigger router sooner than they expected. (But I suppose that's what vendors really want, right?) At least with MPLS VPNs they can re-use their existing equipment without the equipment having any knowledge of the VPN whatsoever.

Correct me if I'm wrong, but the customer is still sending and receiving "standard IP packets". What do they care if I use spit and string as long as their business requirements and SLAs are met?

By the way, in reference to your statement about "standard IP packets", take a look at IPsec in transport mode and tell me if it doesn't look a lot like MPLS labels... A shim header right behind the IP header and before the TCP header. Hmmm.... looks pretty similar to me!

-Tim

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml