Since when is heavy encryption cool in China? Export restrictions smoke all of the decent crypto options. Secondly, anything that is going to happen mpls wise is going to go through MIIT.. You would be shocked how long licenses could take. I was the senior engineer on a project that involved in-flight connectivity via satellite, 2 years later and there are still no licenses. When I asked the Chinese officials (senior party officials) about an unrestricted pipe past the great firewall I was laughed out of the room.. The Chinese exert total control of outbound data on the mainland. Even when you get the OK to turn up, they still want a hard feed into their DPI, in our case knowing the sites (foreign flagged aircraft) transiting the network were only in their AIRSPACE. China is a cool place, but you need to take your patience and checkbook if you want to have any hope in getting what you want.
From my Galaxy Note II, please excuse any mistakes.
-------- Original message -------- From: Tom Paseka <tom@cloudflare.com> Date: 12/05/2012 11:27 AM (GMT-08:00) To: Christopher Morrow <morrowc.lists@gmail.com> Cc: Warren Bailey <wbailey@satelliteintelligencegroup.com>,nanog@nanog.org Subject: Re: China Telecom VPN problems (again) On Wed, Dec 5, 2012 at 11:25 AM, Christopher Morrow <morrowc.lists@gmail.com<mailto:morrowc.lists@gmail.com>> wrote: On Wed, Dec 5, 2012 at 2:19 PM, Tom Paseka <tom@cloudflare.com<mailto:tom@cloudflare.com>> wrote:
Its quite easy to get MPLS-VPN connectivity into China (Pacnet, Singtel, CPCNet, etc, will offer), but at a price.
mpls != ipsec ... perhaps the OP wants some privacy and authentication and such? run IPSEC over the MPLS-VPN. It'll be a lot more stable than over public internet.