MPLS alternative
-
@Dashrender said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
@hobbit666 said in MPLS alternative:
I'd guess we still would want a Firewall of some sorts at each site?
Every LAN should have a firewall (and has to have one, it is the firewall that makes it a network, it's literally impossible to have a network without a firewall.)
Note: This is because all firewalls are routers and all routers are firewalls. Technically you can make a router exist without being a firewall, but not if you need standard network addressing and no one has made one of these for decades because it would be useless. So while yes, they aren't the same thing in reality, they absolutely are in practice.
I can't agree with you here Scott - only thing required to make a network is NICs and some type of connectivity between them. Now if you're talking about one that accesses the internet or other networks - then I agree with you.
Okay... with the implication that it has to talk to something. Obviously.
-
@Dashrender said in MPLS alternative:
@hobbit666 said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
Anything you can get in a leased line you can get in an Internet line for the same or cheaper. Leased lines aren't magic, they are just the same lines without Internet access.
Wrong!!! We are in the UK and bound by Openreach infrastructure, where some sites only have ADSL products and long line lengths. If we need more bandwidth we have to pay for better lines. Thankfully 4G coverage is getting better and that's a good alternative.
Is your internet charge a different charge on top of the MPLS?
If so you should be able to get leased lines with internet for the same or less cost, because they are dropping the MPLS component.
Exactly. Standard high cost fiber rather than a leased MPLS line. Leased/MPLS is always a fee on top of what internet access costs on the same non-leased/MPLS line.
-
@scottalanmiller said in MPLS alternative:
Sure, but it doesn't have to be a private line, it can be an Internet line. I didn't say you didn't have to pay more than ADSL, just saying you don't need private lines that don't go to the Internet because any line that can be private, can be Internet.
OK, misread that one
-
@scottalanmiller said in MPLS alternative:
@Dashrender said in MPLS alternative:
@hobbit666 said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
Anything you can get in a leased line you can get in an Internet line for the same or cheaper. Leased lines aren't magic, they are just the same lines without Internet access.
Wrong!!! We are in the UK and bound by Openreach infrastructure, where some sites only have ADSL products and long line lengths. If we need more bandwidth we have to pay for better lines. Thankfully 4G coverage is getting better and that's a good alternative.
Is your internet charge a different charge on top of the MPLS?
If so you should be able to get leased lines with internet for the same or less cost, because they are dropping the MPLS component.
Exactly. Standard high cost fiber rather than a leased MPLS line. Leased/MPLS is always a fee on top of what internet access costs on the same non-leased/MPLS line.
In your situation it's likely still a leased fiber line - seeing Scott toss that in there some places and not others - don't let that confuse you to think they are different things, the fiber itself and the contract for the fiber are the same as it would be under MPLS.
-
@hobbit666 said in MPLS alternative:
Another fundamental flaw of the business in general: "management have never liked." Management's job here is to make sure that "what is good for the business"
Their mind set is to keep the business running, i.e. if it's working why change? (I'm not disagreeing with you but we live in the real world)
No, their mindset is to spend money on things salespeople tried to sell them. Keeping the business running is exactly what they aren't doing. That's my entire point - they are acting like making money or keeping the business running (those are not necessarily the same thing, another common business mistake) don't matter.
If they cared about profits, they'd be looking at the big big picture and considering the cost which they have to be ignoring completely to be where they are.
If they can't grasp the big picture but are obsessed emotionally with uptime alone, they are still missing the big picture because they did the polar opposite. The riskiest form of network connection is the MPLS / leased line approach. Of course, it beats cheap consumer DSL, that is generally the case (absolutely not always, the biggest downtimes I've ever witnessed are 100% on leased lines with SLAs - no consumer line comes close to what those see in downtime) but the point is for less money there are better ways to use technology to get uptime. If uptime mattered and the same providers were all that were available, just skipping the MPLS alone would improve uptime, let alone all the other potential approaches.
-
@Dashrender said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
@Dashrender said in MPLS alternative:
@hobbit666 said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
Anything you can get in a leased line you can get in an Internet line for the same or cheaper. Leased lines aren't magic, they are just the same lines without Internet access.
Wrong!!! We are in the UK and bound by Openreach infrastructure, where some sites only have ADSL products and long line lengths. If we need more bandwidth we have to pay for better lines. Thankfully 4G coverage is getting better and that's a good alternative.
Is your internet charge a different charge on top of the MPLS?
If so you should be able to get leased lines with internet for the same or less cost, because they are dropping the MPLS component.
Exactly. Standard high cost fiber rather than a leased MPLS line. Leased/MPLS is always a fee on top of what internet access costs on the same non-leased/MPLS line.
In your situation it's likely still a leased fiber line - seeing Scott toss that in there some places and not others - don't let that confuse you to think they are different things, the fiber itself and the contract for the fiber are the same as it would be under MPLS.
No, not a leased line. Leased line means that the connection goes from site to site rather than site to the Internet. It's a cheaper Internet line rather than a leased line.
Still the same physical fiber, but when you go to the Internet it stops being leased.
Why is the word "leased" used to be "private site to private site", heaven only knows. But that's what the term means. A private fiber line that you install between you and the Internet is not called leased, even though there is no more or less logic to this name.
-
@hobbit666 said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
Sure, but it doesn't have to be a private line, it can be an Internet line. I didn't say you didn't have to pay more than ADSL, just saying you don't need private lines that don't go to the Internet because any line that can be private, can be Internet.
OK, misread that one
So what I'm saying the standard patterns are would be these...
Leased Line (MPLS or Other)
Office A leases a line to CLEC X. Office B leases a line to CLEC X. CLEC X connects the two together and there is no Internet involved. There's also no security because all traffic on this network is wide open plain text. The CLEC and anyone that taps the line can see all the traffic.
Internet Based Connection
Office A buys Internet line from CLEC X. Office B buys Internet line from CLEC X. Office A and Office B connect their firewalls via an IPSec VPN and all traffic bound for the other site goes through CLEC X (and not the Internet ever) in a secure tunnel that the CLEC cannot read. Any traffic to the Internet goes directly and does not go through the VPN.
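The "Internet Based Connection" pattern above, sketched as an added configuration example that is not part of the original post. It assumes strongSwan (swanctl.conf) on Office A's firewall, which the thread does not name; all addresses, subnets, hostnames and certificate file names are constructed placeholders.

```conf
# Added example: Office A side of a site-to-site IPsec tunnel to Office B.
# Assumption: strongSwan swanctl.conf; the thread names no product.
# All addresses and names below are constructed (RFC 5737 / RFC 1918 ranges).
connections {
    office-a-to-office-b {
        version = 2                       # IKEv2 only
        local_addrs = 198.51.100.10       # Office A public address on the CLEC line
        remote_addrs = 203.0.113.20       # Office B public address on the CLEC line
        proposals = aes256gcm16-prfsha384-ecp384
        dpd_delay = 30s                   # detect a dead peer within about 30 seconds

        local {
            auth = pubkey
            certs = office-a.pem          # placeholder certificate file
            id = office-a.example.net
        }
        remote {
            auth = pubkey
            id = office-b.example.net
        }

        children {
            site-to-site {
                # Traffic selectors cover only the two office LANs, so only
                # traffic bound for the other site enters the encrypted tunnel.
                # Everything else (general Internet traffic) matches no selector
                # and leaves directly through the normal default route.
                local_ts = 10.10.0.0/16   # Office A LAN (constructed)
                remote_ts = 10.20.0.0/16  # Office B LAN (constructed)
                esp_proposals = aes256gcm16-ecp384
                start_action = trap       # bring the tunnel up on first matching packet
                dpd_action = restart      # re-establish if the peer stops answering
            }
        }
    }
}
```

Office B carries the mirror image of this file with the local and remote values swapped.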
-
@scottalanmiller said in MPLS alternative:
@Dashrender said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
@Dashrender said in MPLS alternative:
@hobbit666 said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
Anything you can get in a leased line you can get in an Internet line for the same or cheaper. Leased lines aren't magic, they are just the same lines without Internet access.
Wrong!!! We are in the UK and bound by Openreach infrastructure, where some sites only have ADSL products and long line lengths. If we need more bandwidth we have to pay for better lines. Thankfully 4G coverage is getting better and that's a good alternative.
Is your internet charge a different charge on top of the MPLS?
If so you should be able to get leased lines with internet for the same or less cost, because they are dropping the MPLS component.
Exactly. Standard high cost fiber rather than a leased MPLS line. Leased/MPLS is always a fee on top of what internet access costs on the same non-leased/MPLS line.
In your situation it's likely still a leased fiber line - seeing Scott toss that in there some places and not others - don't let that confuse you to think they are different things, the fiber itself and the contract for the fiber are the same as it would be under MPLS.
No, not a leased line. Leased line means that the connection goes from site to site rather than site to the Internet. It's a cheaper Internet line rather than a leased line.
Still the same physical fiber, but when you go to the Internet it stops being leased.
Why is the word "leased" used to be "private site to private site", heaven only knows. But that's what the term means. A private fiber line that you install between you and the Internet is not called leased, even though there is no more or less logic to this name.
huh - OK didn't specifically know that.
-
@scottalanmiller said in MPLS alternative:
No, not a leased line. Leased line means that the connection goes from site to site rather than site to the Internet. It's a cheaper Internet line rather than a leased line.
Still the same physical fiber, but when you go to the Internet it stops being leased.
Why is the word "leased" used to be "private site to private site", heaven only knows. But that's what the term means. A private fiber line that you install between you and the Internet is not called leased, even though there is no more or less logic to this name.
Think this is where the terminology comes in, for me (for the last 20+ years) "Leased Line" has always meant to me as a dedicated "internet" fibre line that connects your building to the internet or MPLS or switching product.
So when I say we have 3 sites with leased lines they are fibre to the Exchange
-
MPLS vs. Straight Leased Line...
Old days: Leased lines were extremely high cost because going from Point A to Point B required custom cabling the entire way.
Today: No one does the above due to cost. MPLS is a "tiny Internet" built by an ISP that allows them to create connections between customers (generally all the same company, just different sites) so that they don't need the custom cabling from the old days. It behaves exactly the same at a fraction of the cost (and effort) because it's essentially just using the Internet but a small Internet on MPLS rather than TCP/IP and only within the confines of a single ISP.
In both cases it is leased lines. Just one is leased lines using MPLS and one is leased lines without MPLS. MPLS is a huge improvement over the old system. But both are garbage compared to standard, modern methods.
-
@hobbit666 said in MPLS alternative:
Think this is where the terminology comes in, for me (for the last 20+ years) "Leased Line" has always meant to me as a dedicated "internet" line that connects your building to the internet or MPLS or switching product.
Ah, so yeah, that would add some confusion. When it connects to MPLS, yes, that's the right term. When it goes to the Internet, it is the wrong term as it expressly means that it doesn't do that.
The term you are looking for that applies to both is "dedicated". A dedicated fiber link could be leased or Internet, for example.
-
@hobbit666 said in MPLS alternative:
@scottalanmiller said in MPLS alternative:
No, not a leased line. Leased line means that the connection goes from site to site rather than site to the Internet. It's a cheaper Internet line rather than a leased line.
Still the same physical fiber, but when you go to the Internet it stops being leased.
Why is the word "leased" used to be "private site to private site", heaven only knows. But that's what the term means. A private fiber line that you install between you and the Internet is not called leased, even though there is no more or less logic to this name.
Think this is where the terminology comes in, for me (for the last 20+ years) "Leased Line" has always meant to me as a dedicated "internet" line that connects your building to the internet or MPLS or switching product.
So when I say we have 3 sites with leased lines they are fibre to the Exchange
Yeah, that's why I wrote what I wrote - I wanted to make sure all understood that with or without the word "leased" the connections are all the same, using the same cabling, likely the same pricing.
It might be a UK thing to call anything not consumer grade to the internet a leased line - who knows, I'm not a UK native...
-
@hobbit666 said in MPLS alternative:
So when I say we have 3 sites with leased lines they are fibre to the Exchange
Right, that should be "dedicated fiber" to the exchange. BUT, if they are MPLS, then your use of leased is correct in your case right now.
-
@Dashrender said in MPLS alternative:
It might be a UK thing to call anything not consumer grade to the internet a leased line - who knows, I'm not a UK native...
Well I looked up the terms to make sure I wasn't crazy and it didn't mention any regional different usages. Telecom terms tend to be global.
-
BTW watched that MangoLassi video on LANless design. Also been looking at some Zero Trust stuff... I'm still confused
Think more reading and seeing some examples might help my little head compute it all
-
Are there any exceptions to leased lines being bad? Yes. But they are insanely rare and really come up when you are building your own Internet provider, basically.
Example: When I was on Wall St. the bank didn't feel that its connections from North America to the Middle East were good enough (as in... they didn't trust the ENTIRE Internet infrastructure of the Gulf States) and so they put in their own dual transatlantic cable (with the Internet via VPN as a backup) that took a different route than the national Internet infrastructure. They did this to replicate the entire Internet backbone of the country in question.
When the COUNTRY had a two day blackout, the bank was not affected and phones and Internet never missed a packet while the rest of the country was totally without Internet (including phones.)
When you get to this scale and are talking about competing with the ISPs because you don't trust the accumulation of all ISPs for a region or country. Yes, leased lines start to be the only option short of building your own ISP and at some point, what's the difference?
But when we are talking about something that CAN be done over the existing Internet and you aren't trenching your own custom fiber end to end, then we are back to our normal discussion.
-
Doesn't the likes of Microsoft/Amazon/Google all use leased lines for their syncing between DCs?
I'm almost positive they did in the past. I say this because I recall hearing that Google, etc were suddenly face slappingly aware of how not encrypted their syncing was between DCs with the Snowden reveal, and that the NSA was siphoning off copies of all of their flowing packets.
This leads me to believe Google/etc believed the leased lines were "secure enough" to not need to worry about encrypting the data in transit, which I can't personally believe they would consider acceptable if it was simply using Internet connections to do this.
-
@hobbit666 said in MPLS alternative:
BTW watched that MangoLassi video on LANless design. Also been looking at some Zero Trust stuff... I'm still confused
Think more reading and seeing some examples might help my little head compute it all
Well, think about ANY desire to have a VPN or MPLS connection and ask "why?" In modern (meaning post-2003) application design, there's no normal case where you'd have any reason for that kind of connection. What traffic is utilizing that for you? SMB and AD traffic certainly do, and both are vestiges of another era and represent massive security risks and fragility for the business. They also have advantages, so this isn't an all con, no pro situation. They are easy, fast, and well known. But they are designed entirely around businesses that fit in a single LAN. The moment you introduce a second site, they start to falter. They weren't designed for the multi-site business world, let alone the multi-region company. Neither handles WAN latency well, regardless of connectivity. And no "can claim to be a business app" would have any reason to need LAN connectivity, even by the late 1990s that was "you should fire anyone making software that way and no one should buy software with those kinds of problems."
And before people say that the real world doesn't do this stuff, I can tell you that firms with hundreds of thousands of users were doing this by 2005 on a large scale, and small firms were doing it a decade earlier. Plus always those outliers that did it starting in the 60s or whatever. Sure, most firms will always do things poorly, that's assumed. But companies that were trying to do things well were able to pretty easily get to LANless or close to LANless a really long time ago without much challenge.
-
@Dashrender said in MPLS alternative:
Doesn't the likes of Microsoft/Amazon/Google all use leased lines for their syncing between DCs?
Sort of, they are their own ISPs. So you are basically asking if the Internet is built on leased lines. Yes, under the hood, ISPs use leased lines to form the Internet. But that's a meta-discussion.
-
@Dashrender said in MPLS alternative:
This leads me to believe Google/etc believed the leased lines were "secure enough" to not need to worry about encrypting the data in transit, which I can't personally believe they would consider acceptable if it was simply using Internet connections to do this.
Um, no, they put VPNs on those lines.