ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Co-lo + 5 (or more) sites....connect 'em all

    Scheduled Pinned Locked Moved IT Discussion
    edgerouteredgerouter 4colocationit supportvpnzerotier
    82 Posts 7 Posters 9.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 1
      1337
      last edited by

      Just to show how much DPDK can improve things when you have lots of packets and fast interfaces. This is a performance tests using 4x10GbE.
      dpdk_total-test-throughput.png

      1 Reply Last reply Reply Quote 0
      • FATeknollogeeF
        FATeknollogee @scottalanmiller
        last edited by

        @scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:

        Yeah, this is 100% about selecting the CPU, nothing else.

        If that's the case, there should be some "better/more" choices than the ER4?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @FATeknollogee
          last edited by

          @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

          @scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:

          Yeah, this is 100% about selecting the CPU, nothing else.

          If that's the case, there should be some "better/more" choices than the ER4?

          Your basic choices are....

          ER4 is you want cheap, small hardware.
          Bigger Ubiquiti if you want the same but even faster.
          Whitebox with larger than Ubiquiti scale hardware.

          There are loads of vendors out there, but you are pretty much replicating these three underlying choices in some way. Small hardware, big hardware, white box. In all cases, IPSec is the choice for the fastest option on the given platform.

          FATeknollogeeF 1 Reply Last reply Reply Quote 1
          • FATeknollogeeF
            FATeknollogee @scottalanmiller
            last edited by

            @scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:

            Your basic choices are....

            ER4 is you want cheap, small hardware.
            Bigger Ubiquiti if you want the same but even faster.
            Whitebox with larger than Ubiquiti scale hardware.

            Cheap: ER4/ER6
            Bigger Ubiquiti: ER Infinity
            Whitebox: pfSense (insert fav brand) w own hardware - bigger/faster cpu, more RAM, SSD, Intel NICs etc

            1 Reply Last reply Reply Quote 0
            • 1
              1337
              last edited by

              Shouldn't the first question be - how big are your pipes?

              Then - how much of that will run over IPsec?

              And - what features do you need?

              FATeknollogeeF 1 Reply Last reply Reply Quote 2
              • FATeknollogeeF
                FATeknollogee @1337
                last edited by FATeknollogee

                @Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:

                Shouldn't the first question be - how big are your pipes?

                Then - how much of that will run over IPsec?

                And - what features do you need?

                That's a reasonable question(s)

                1. Pipe size: 1x 400/400 (AT&T), 3x 500/500 (Frontier) & 1x 1000/40 (Spectrum). Colo pipe will be adjusted as needed.
                2. How much over IPsec: as much as I can get!
                3. Features: mainly Site to Site VPN
                1 scottalanmillerS JaredBuschJ 4 Replies Last reply Reply Quote 0
                • 1
                  1337 @FATeknollogee
                  last edited by 1337

                  @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                  @Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:

                  Shouldn't the first question be - how big are your pipes?

                  Then - how much of that will run over IPsec?

                  And - what features do you need?

                  That's a reasonable question(s)

                  1. Pipe size: 1x 400/400 (AT&T), 3x 500/500 (Frontier) & 1x 1000/40 (Spectrum). Colo pipe will be adjusted as needed.
                  2. How much over IPsec: as much as I can get!
                  3. Features: mainly Site to Site VPN

                  Well, you have peak 1900 Mbps in one direction and 940 in the other. But you never get that all the way so 1000/1000 in the colo will likely be more than you need. If it's all going to be IPsec traffic then ER4/ER6 is too small. Do you need HA as well?

                  FATeknollogeeF scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • FATeknollogeeF
                    FATeknollogee @1337
                    last edited by

                    @Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:

                    @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                    @Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:

                    Shouldn't the first question be - how big are your pipes?

                    Then - how much of that will run over IPsec?

                    And - what features do you need?

                    That's a reasonable question(s)

                    1. Pipe size: 1x 400/400 (AT&T), 3x 500/500 (Frontier) & 1x 1000/40 (Spectrum). Colo pipe will be adjusted as needed.
                    2. How much over IPsec: as much as I can get!
                    3. Features: mainly Site to Site VPN

                    Well, you have peak 1900 Mbps in one direction and 940 in the other. But you never get that all the way so 1000/1000 in the colo will likely be more than you need. If it's all going to be IPsec traffic then ER4/ER6 is too small. Do you need HA as well?

                    HA would be a nice "luxury" to have!

                    If the ER4/6 is too small, what other choice(s) are available?

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @FATeknollogee
                      last edited by

                      @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                      @Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:

                      Shouldn't the first question be - how big are your pipes?

                      Then - how much of that will run over IPsec?

                      And - what features do you need?

                      That's a reasonable question(s)

                      1. Pipe size: 1x 400/400 (AT&T), 3x 500/500 (Frontier) & 1x 1000/40 (Spectrum). Colo pipe will be adjusted as needed.
                      2. How much over IPsec: as much as I can get!
                      3. Features: mainly Site to Site VPN
                      1. So the fastest reasonable is like 500, since the 1Gb has nothing else to talk to.
                      2. That's never a good way to look at it. I see tons of places do this and then realize that they don't even touch what they hae.
                      3. Is that even a need?
                      1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller @1337
                        last edited by

                        @Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:

                        @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                        @Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:

                        Shouldn't the first question be - how big are your pipes?

                        Then - how much of that will run over IPsec?

                        And - what features do you need?

                        That's a reasonable question(s)

                        1. Pipe size: 1x 400/400 (AT&T), 3x 500/500 (Frontier) & 1x 1000/40 (Spectrum). Colo pipe will be adjusted as needed.
                        2. How much over IPsec: as much as I can get!
                        3. Features: mainly Site to Site VPN

                        Well, you have peak 1900 Mbps in one direction and 940 in the other. But you never get that all the way so 1000/1000 in the colo will likely be more than you need. If it's all going to be IPsec traffic then ER4/ER6 is too small. Do you need HA as well?

                        Oh, I assumed that those were all different sites, not all in one. Then yeah, that's a lot of speed.

                        1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @FATeknollogee
                          last edited by

                          @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                          If the ER4/6 is too small, what other choice(s) are available?

                          Way too small. You are talking about some crazy serious stuff here.

                          First, you need to figure out your pipe aggregation and speed from the other sites. The VPN piece isn't so hard, but combining all of those pipes will be.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            So the plan to do BGP routing?

                            FATeknollogeeF 1 Reply Last reply Reply Quote 0
                            • FATeknollogeeF
                              FATeknollogee @scottalanmiller
                              last edited by

                              @scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:

                              So the plan to do BGP routing?

                              I'm just trying to keep it real simple & take advantage of the available internet speeds!

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @FATeknollogee
                                last edited by

                                @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                                @scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:

                                So the plan to do BGP routing?

                                I'm just trying to keep it real simple & take advantage of the available internet speeds!

                                If you have all of those connections to a single colo (I'm not sure that that is what you were saying, trying to figure that out) then there is no simple answer. It's going to be really complex to try to aggregate them.

                                JaredBuschJ 1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:

                                  @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                                  @scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:

                                  So the plan to do BGP routing?

                                  I'm just trying to keep it real simple & take advantage of the available internet speeds!

                                  If you have all of those connections to a single colo (I'm not sure that that is what you were saying, trying to figure that out) then there is no simple answer. It's going to be really complex to try to aggregate them.

                                  On the colo side, he has a possible max of 400 + 500 + 500 + 500 + coax (ignored). That is where 1900 came from, 4 remote sites with solid fiber connections.

                                  Now, there is no individual IPSEC tunnel that needs more than 500. He is not aggregating anything.

                                  1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @FATeknollogee
                                    last edited by

                                    @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                                    1. How much over IPsec: as much as I can get!

                                    What does this even mean?

                                    FATeknollogeeF 1 Reply Last reply Reply Quote 0
                                    • JaredBuschJ
                                      JaredBusch @FATeknollogee
                                      last edited by

                                      @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                                      1. Features: mainly Site to Site VPN

                                      Duh, that was that point of the entire thread.

                                      What are you doing over the tunnel?

                                      FATeknollogeeF 1 Reply Last reply Reply Quote 0
                                      • FATeknollogeeF
                                        FATeknollogee @JaredBusch
                                        last edited by

                                        @JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:

                                        @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                                        1. Features: mainly Site to Site VPN

                                        Duh, that was that point of the entire thread.

                                        What are you doing over the tunnel?

                                        S2S!! Like you said, this is the point of the thread.

                                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                                        • FATeknollogeeF
                                          FATeknollogee @JaredBusch
                                          last edited by FATeknollogee

                                          @JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:

                                          @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                                          1. How much over IPsec: as much as I can get!

                                          What does this even mean?

                                          As much of the available bandwidth (per site) as I can get, this is definitely hardware constrained by the router used.

                                          1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @FATeknollogee
                                            last edited by

                                            @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                                            @JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:

                                            @FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:

                                            1. Features: mainly Site to Site VPN

                                            Duh, that was that point of the entire thread.

                                            What are you doing over the tunnel?

                                            S2S!! Like you said, this is the point of the thread.

                                            No, the tunnel is for site to site. But that means shit. What is going through the tunnel. That is what matters.

                                            FATeknollogeeF 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 3 / 5
                                            • First post
                                              Last post