nanog mailing list archives
Re: large scale ipsec
From: "Scott Weeks" <surfer () mauigateway com>
Date: Fri, 1 Nov 2013 11:30:55 -0700
--- morrowc.lists () gmail com wrote:
From: Christopher Morrow <morrowc.lists () gmail com>

One good reason to not do link encryption is: "the problem is that whackadoodle box you put outside the router!" :(

most often those boxes can't do light-level monitoring, loopbacks, etc... all the stuff your NOC wants to do when 'link flapped,doh!' happens.
-----------------------------------------------------

Yes! It is really hard to work with those things for the reasons you mention and they tend to be the culprit quite often. Also, a lot of times it adds more finger pointing as there tends to be a different group taking care of just the bulk encryptors. Last, I have seen some strange behaviors, such as not passing BPDUs. That makes VLANing *phun*. Not!

scott