Co-lo + 5 (or more) sites....connect 'em all
-
@Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:
Shouldn't the first question be - how big are your pipes?
Then - how much of that will run over IPsec?
And - what features do you need?
That's a reasonable question(s)
- Pipe size: 1x 400/400 (AT&T), 3x 500/500 (Frontier) & 1x 1000/40 (Spectrum). Colo pipe will be adjusted as needed.
- How much over IPsec: as much as I can get!
- Features: mainly Site to Site VPN
Well, you have peak 1900 Mbps in one direction and 940 in the other. But you never get that all the way so 1000/1000 in the colo will likely be more than you need. If it's all going to be IPsec traffic then ER4/ER6 is too small. Do you need HA as well?
HA would be a nice "luxury" to have!
If the ER4/6 is too small, what other choice(s) are available?
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:
Shouldn't the first question be - how big are your pipes?
Then - how much of that will run over IPsec?
And - what features do you need?
That's a reasonable question(s)
- Pipe size: 1x 400/400 (AT&T), 3x 500/500 (Frontier) & 1x 1000/40 (Spectrum). Colo pipe will be adjusted as needed.
- How much over IPsec: as much as I can get!
- Features: mainly Site to Site VPN
- So the fastest reasonable is like 500, since the 1Gb has nothing else to talk to.
- That's never a good way to look at it. I see tons of places do this and then realize that they don't even touch what they have.
- Is that even a need?
-
@Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@Pete-S said in Co-lo + 5 (or more) sites....connect 'em all:
Shouldn't the first question be - how big are your pipes?
Then - how much of that will run over IPsec?
And - what features do you need?
That's a reasonable question(s)
- Pipe size: 1x 400/400 (AT&T), 3x 500/500 (Frontier) & 1x 1000/40 (Spectrum). Colo pipe will be adjusted as needed.
- How much over IPsec: as much as I can get!
- Features: mainly Site to Site VPN
Well, you have peak 1900 Mbps in one direction and 940 in the other. But you never get that all the way so 1000/1000 in the colo will likely be more than you need. If it's all going to be IPsec traffic then ER4/ER6 is too small. Do you need HA as well?
Oh, I assumed that those were all different sites, not all in one. Then yeah, that's a lot of speed.
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
If the ER4/6 is too small, what other choice(s) are available?
Way too small. You are talking about some crazy serious stuff here.
First, you need to figure out your pipe aggregation and speed from the other sites. The VPN piece isn't so hard, but combining all of those pipes will be.
-
So the plan to do BGP routing?
-
@scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:
So the plan to do BGP routing?
I'm just trying to keep it real simple & take advantage of the available internet speeds!
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:
So the plan to do BGP routing?
I'm just trying to keep it real simple & take advantage of the available internet speeds!
If you have all of those connections to a single colo (I'm not sure that that is what you were saying, trying to figure that out) then there is no simple answer. It's going to be really complex to try to aggregate them.
-
@scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@scottalanmiller said in Co-lo + 5 (or more) sites....connect 'em all:
So the plan to do BGP routing?
I'm just trying to keep it real simple & take advantage of the available internet speeds!
If you have all of those connections to a single colo (I'm not sure that that is what you were saying, trying to figure that out) then there is no simple answer. It's going to be really complex to try to aggregate them.
On the colo side, he has a possible max of 400 + 500 + 500 + 500 + coax (ignored). That is where 1900 came from, 4 remote sites with solid fiber connections.
Now, there is no individual IPSEC tunnel that needs more than 500. He is not aggregating anything.
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
- How much over IPsec: as much as I can get!
What does this even mean?
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
- Features: mainly Site to Site VPN
Duh, that was the point of the entire thread.
What are you doing over the tunnel?
-
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
- Features: mainly Site to Site VPN
Duh, that was the point of the entire thread.
What are you doing over the tunnel?
S2S!! Like you said, this is the point of the thread.
-
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
- How much over IPsec: as much as I can get!
What does this even mean?
As much of the available bandwidth (per site) as I can get, this is definitely hardware constrained by the router used.
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
- Features: mainly Site to Site VPN
Duh, that was the point of the entire thread.
What are you doing over the tunnel?
S2S!! Like you said, this is the point of the thread.
No, the tunnel is for site to site. But that means shit. What is going through the tunnel. That is what matters.
-
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
No, the tunnel is for site to site. But that means shit. What is going through the tunnel. That is what matters.
Ahh, I missed the question.
Mainly RDP type traffic.
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
No, the tunnel is for site to site. But that means shit. What is going through the tunnel. That is what matters.
Ahh, I missed the question.
Mainly RDP type traffic.
So you are making a tunnel for a tunnel.
WTF are you pushing over RDP that needs 400mbps?
You should have no need for those speeds.
-
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
So you are making a tunnel for a tunnel.
I guess you could call it that!
WTF are you pushing over RDP that needs 400mbps?
I'm just trying to take advantage of the solid connections at both ends
You should have no need for those speeds.
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
So you are making a tunnel for a tunnel.
I guess you could call it that!
WTF are you pushing over RDP that needs 400mbps?
I'm just trying to take advantage of the solid connections at both ends
You should have no need for those speeds.
Right, pop an ER4 in every location and pin up solid IPSEC connections and you will run smooth.
On the rare occasion that you pull more than a few mbps at any one site, you will still be good for it.
Or if you really want more, then spin up Vyatta on your own hardware, or pfSense, or TNSR. Just don't use OpenVPN. Use IPSEC.
-
@JaredBusch said in Co-lo + 5 (or more) sites....connect 'em all:
...pfSense, or TNSR. Just don't use OpenVPN. Use IPSEC.
Yep, heard that a few times...no OpenVPN.
pfSense + TNSR sounds interesting, just not sure if it's worth the "hassle" procuring my own hardware (which really isn't a big deal) vs ER4.
It's probably not a bad idea to at least speak w the pfSense folks.
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
pfSense + TNSR sounds interesting, just not sure if it's worth the "hassle" procuring my own hardware (which really isn't a big deal) vs ER4.
Exactly, this is where I think we all are... there is a really, REALLY simple and supported solution that nearly everyone uses and works SO well.
And then there is "playing around with all kinds of projects just to be weird" which is what the other feels like. If you don't have some documented need for that, I wouldn't even consider it.
-
@FATeknollogee said in Co-lo + 5 (or more) sites....connect 'em all:
It's probably not a bad idea to at least speak w the pfSense folks.
It's always a bad idea to ask a vendor a question like this. Always.