Re: China Telecom VPN problems (again)

[Warren Bailey <wbailey () satelliteintelligencegroup com>]

Since when is heavy encryption cool in China? Export restrictions smoke all of the decent crypto options. Secondly, 
anything that is going to happen mpls wise is going to go through MIIT.. You would be shocked how long licenses could 
take. I was the senior engineer on a project that involved in-flight connectivity via satellite, 2 years later and 
there are still no licenses. When I asked the Chinese officials (senior party officials) about an unrestricted pipe 
past the great firewall I was laughed out of the room.. The Chinese exert total control of outbound data on the 
mainland. Even when you get the OK to turn up, they still want a hard feed into their DPI, in our case knowing the 
sites (foreign flagged aircraft) transiting the network were only in their AIRSPACE. China is a cool place, but you 
need to take your patience and checkbook if you want to have any hope in getting what you want.


> From my Galaxy Note II, please excuse any mistakes.


-------- Original message --------
From: Tom Paseka <tom () cloudflare com>
Date: 12/05/2012 11:27 AM (GMT-08:00)
To: Christopher Morrow <morrowc.lists () gmail com>
Cc: Warren Bailey <wbailey () satelliteintelligencegroup com>,nanog () nanog org
Subject: Re: China Telecom VPN problems (again)



On Wed, Dec 5, 2012 at 11:25 AM, Christopher Morrow <morrowc.lists () gmail com<mailto:morrowc.lists () gmail com>> 
wrote:
On Wed, Dec 5, 2012 at 2:19 PM, Tom Paseka <tom () cloudflare com<mailto:tom () cloudflare com>> wrote:
> Its quite easy to get MPLS-VPN connectivity into China (Pacnet, Singtel,
> CPCNet, etc, will offer), but at a price.

mpls != ipsec ... perhaps the OP wants some privacy and authentication and such?

run IPSEC over the MPLS-VPN. It'll be a lot more stable than over public internet.