The MPLS-OPS Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] IPSec and MPLS
Hi there, I'm planning to introduce an IP encrytion service on our MPLS network, and would like to here your opinion of how IPSec and MPLS are matching. They are both used to build VPN's over a public network and it seems pointless to use them in combination! Except when we want to encrypt VPN traffic over an MPLS network. I have a few specific questions which I believe are worth thinking about.(We are using hardware from THE vendor) - What is the impact on performance when turning on IPSec on a CE? (not directly related to MPLS) - Is IPsec really scalabel in VPN's with 100-200 sites? - As a consequence of using IPSec in an MPLS network, can I still offer CoS or are there any restrictions? (queuing,traffic classification, DSCP in IPSec header) - How is key management solved if encryption happens on a managed CE and key management has to be done by the customer? - Is IPSec on the CE the right solution or is a two box strategy the better option? (e.g. clear interface between provider and customer) - Are there any better solutions for encryption over an MPLS network? Thanks a million for your answers! Fredi ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
|
|