On Saturday, June 08, 2013 6:44 PM, Ryan Malayter [mailto:malayter@gmail.com] wrote:
Speaking from the content provider dide here, but we've always run IPsec on DCIs and even "private" T1s/DS3s back in the day. Doesn't everyone do the same these days? I find it hard to imagine passing any audit/compliance process without doing so. "Private lines" or "dedicated fiber" always pass through much public, unmanaged, and unmonitored space infrastructure. And we know better than to trust our providers to never screw up and mis-route traffic.
I see that there is actually a beast that will do encryption of multiple 10G waves between Cisco ONS boxes - https://www.cisco.com/en/US/prod/collateral/optical/ps5724/ps2006/at_a_glanc... How many people are actually doing this?