Dear, Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements) I want to setup a L3 VPN between 2 satellite connections Even additionally if that hardware would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN Regards, Rens
Why not use a standard Cisco router or Asa for the routing and VPN and put a riverbed steelhead on both ends to do Tcp optimization and compression. On Apr 30, 2012, at 5:42 AM, "Rens" <rens@autempspourmoi.be> wrote:
Dear,
Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements)
I want to setup a L3 VPN between 2 satellite connections
Even additionally if that hardware would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN
Regards,
Rens
IPSec does not run well over satellite since the TCP headers are also encrypted -----Original Message----- From: Gmail [mailto:jason.tredup@gmail.com] Sent: maandag 30 april 2012 13:30 To: Rens Cc: <nanog@nanog.org> Subject: Re: VPN over satellite Why not use a standard Cisco router or Asa for the routing and VPN and put a riverbed steelhead on both ends to do Tcp optimization and compression. On Apr 30, 2012, at 5:42 AM, "Rens" <rens@autempspourmoi.be> wrote:
Dear,
Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements)
I want to setup a L3 VPN between 2 satellite connections
Even additionally if that hardware would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN
Regards,
Rens
I did developed my own accelerator in 2006(globax) and have customers till now, but only for one-way ISP's in CIS region, and partially Europe (Germany). Sure worked with satellite internet all that years. But since i am not interested to advertise it here(working only for ISPs), i will mention possible alternatives: There was few solutions, most of them was from Tellinet and Mentat. Tellinet are for Newtec now, and Mentat are for Packeteer(and Packeteer for Bluecoat). Last time i seen optimization option in Packetshaper from Bluecoat. Probably worth to visit Newtec, as i see your domain are .be, and their HQ in Belgium. Riverbed, i heard about them, but never tried. Most of TDMA VSAT modems also has embedded accelerators. Please let me know if you want to know anything else. On 2012-04-30 15:06, Rens wrote:
IPSec does not run well over satellite since the TCP headers are also encrypted
-----Original Message----- From: Gmail [mailto:jason.tredup@gmail.com] Sent: maandag 30 april 2012 13:30 To: Rens Cc: <nanog@nanog.org> Subject: Re: VPN over satellite
Why not use a standard Cisco router or Asa for the routing and VPN and put a riverbed steelhead on both ends to do Tcp optimization and compression.
On Apr 30, 2012, at 5:42 AM, "Rens" <rens@autempspourmoi.be> wrote:
Dear,
Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements)
I want to setup a L3 VPN between 2 satellite connections
Even additionally if that hardware would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN
Regards,
Rens
--- Network engineer Denys Fedoryshchenko Dora Highway - Center Cebaco - 2nd Floor Beirut, Lebanon Tel: +961 1 247373 E-Mail: denys@visp.net.lb
Most satellite modems offer built in TCP acceleration options heavily optimized for VSAT use and an encryption option (proprietary to their hardware only) which is probably your best bet. You can then use traditional encryption to your satellite provider (or take Ethernet handoff at the satellite earth station with co-located equipment, if appropriate). Otherwise, if this is not adequate you can use any traditional acceleration solution at the end sites, just check with the vendor for how optimized they are for your latency scenario. For various reasons, you're best not bonding. Just obtain a bigger space segment. It's literally scalable to at least ~35 megabit with ease by buying the appropriate sized pipe. Otherwise if you must bond I suggest you consider traditional ip routing mechanisms to do so on a per-flow basis. On Mon, Apr 30, 2012 at 3:42 AM, Rens <rens@autempspourmoi.be> wrote:
Dear,
Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements)
I want to setup a L3 VPN between 2 satellite connections
Even additionally if that hardware would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN
Regards,
Rens
"You can then use traditional encryption to your satellite provider (or take Ethernet handoff at the satellite earth station with co-located equipment, if appropriate)." True...except for most audit/regulatory purposes, having the traffic unencrypted in any part of the chain is unacceptable. "Just obtain a bigger space segment. It's literally scalable to at least ~35 megabit with ease by buying the appropriate sized pipe." True, but you have to make sure you have the right modem. The majority of modems in VSAT stacks can go up to ~10mbps. You usually have to shell out quite a bit more money to get a modem capable of handling larger bandwidths. "Otherwise, if this is not adequate you can use any traditional acceleration solution at the end sites, just check with the vendor for how optimized they are for your latency scenario." Exactly. Figuring out *what* specifically you want to accelerate is vital. Virtually any accelerator on the market can handle FTP, HTTP and other simple protocols. It takes a lot of know-how to properly accelerate some of the more complex ones. On Mon, Apr 30, 2012 at 7:58 PM, PC <paul4004@gmail.com> wrote:
Most satellite modems offer built in TCP acceleration options heavily optimized for VSAT use and an encryption option (proprietary to their hardware only) which is probably your best bet. You can then use traditional encryption to your satellite provider (or take Ethernet handoff at the satellite earth station with co-located equipment, if appropriate).
Otherwise, if this is not adequate you can use any traditional acceleration solution at the end sites, just check with the vendor for how optimized they are for your latency scenario.
For various reasons, you're best not bonding. Just obtain a bigger space segment. It's literally scalable to at least ~35 megabit with ease by buying the appropriate sized pipe. Otherwise if you must bond I suggest you consider traditional ip routing mechanisms to do so on a per-flow basis.
On Mon, Apr 30, 2012 at 3:42 AM, Rens <rens@autempspourmoi.be> wrote:
Dear,
Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements)
I want to setup a L3 VPN between 2 satellite connections
Even additionally if that hardware would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN
Regards,
Rens
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Hi Rens, I work with one of the leading satellite providers. Depending on the customer type, we deploy a number of solutions (some work better for some, some work better for others). Most off-the-shelf solutions are more or less designed in a client/server manner (the optimizations they employ are usually asymmetrical, as most clients either just push or just pull data). It sounds like you need an end to end solution that is not optimizing a particular type of data. Riverbed could be one, but I haven't really tested it in a setup resembling yours. Some of our customers use it, but they mostly pull data so I can't really tell if it works for you. You could contact me off-list to let me know who your satellite provider is. If it's the company I work with, perhaps we can bounce some ideas around. Cheers Vlad -- PacketDam: a cost-effective software solution against DDoS On Monday, April 30, 2012 at 10:42 AM, Rens wrote:
Dear,
Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements)
I want to setup a L3 VPN between 2 satellite connections
Even additionally if that hardware would also support WAN bonding even better because I also have a scenario to connect 2 times 2 satellites to have more capacity for my L3 VPN
Regards,
Rens
On Mon, 30 Apr 2012 02:42:27 -0700, Rens <rens@autempspourmoi.be> wrote:
Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements)
I'd try splitting the solution into two devices: at the lower layer, the tunneling part, which can be done with any traditional transport-layer VPN solution; at the higher layer (prior to encryption), the TCP enhancement part, for which, I'd look for dedicated and specialized multipoint WAN optimization devices.
I want to setup a L3 VPN between 2 satellite connections
That's brave! I'd check with the satellite provider if they are able to forward your frames directly from VSAT to VSAT without going through the hub, and, if multiple satellites are used, if they can route between satellites. Most don't. Those two above are NOT easy to do. They will most probably make your packets "double-hop", so your latency will be about 1.4 seconds. -- Octavio.
Could anybody recommend any hardware that can build a VPN that works well over satellite connections? (TCP enhancements) Have you asked Genua? www.genua.de Word on the street says they have a solution, but it may not appear on
Hi, On Mon, 30 Apr 2012 02:42:27 -0700, Rens <rens@autempspourmoi.be> wrote: their homepage ;) regards Dan -- Dan Luedtke http://www.danrl.de
participants (8)
-
Dan Luedtke -
Denys Fedoryshchenko -
Gmail -
Mike Hale -
Octavio Alvarez -
PC -
Rens -
Vlad Galu