On Mon, 22 Nov 2004 20:24:15 +0200 (EET), Pekka Savola <pekkas@netcore.fi> wrote:
On Sun, 21 Nov 2004 bmanning@vacation.karoshi.com wrote:
This seems to imply several things:
- when having lots of sites, you typically want to obtain local Internet connectivity, because transporting all the traffic over links or VPNs is a pretty heavy business
this is an assertion which many have claimed is false. based on empirical evidence. ...

Care to offer a couple of examples of this empirical evidence?
Well you'll have to get some kind of link unless you don't want to move packets. Leave it up to the business case to dictate your connection type.

At least on the topic of backhauling traffic over the vpn, it's really no worse than having all your offices connect back to the central site in plaintext. Crypto is cheap these days. When my 133MHz home firewall can push 50Mbps down the vpn with a $70 crypto board, there's no way a simple VPN can be considered "pretty heavy business". Look at all the CPU vendors squawking about on-die crypto (to say nothing of the vendors of crypto cards). There are a number of decent vendors of VIA C3 based systems without any need for moving parts that'll give you full duplex crypto on 3 100mbit links with processor time and bus cycles to spare.

/me waits for Henning to say something about openbsd and C3's...

--
GDB has a 'break' feature; why doesn't it have 'fix' too?