
    MPLS alternative

    Category: IT Discussion. Tags: mplsvpnmutli site. 172 Posts, 13 Posters, 30.9k Views.
    • hobbit666 @scottalanmiller (last edited by hobbit666)

      @scottalanmiller said in MPLS alternative:

      No, not a leased line. Leased line means that the connection goes from site to site rather than site to the Internet. It's a cheaper Internet line rather than a leased line.

      Still the same physical fiber, but when you go to the Internet it stops being leased.

      Why is the word "leased" used to be "private site to private site", heaven only knows. But that's what the term means. A private fiber line that you install between you and the Internet is not called leased, even though there is no more or less logic to this name.

      Think this is where the terminology comes in; for me (for the last 20+ years) "Leased Line" has always meant a dedicated "internet" fibre line that connects your building to the internet or MPLS or switching product.
      So when I say we have 3 sites with leased lines, they are fibre to the Exchange.

      • scottalanmiller

        MPLS vs. Straight Leased Line...

        Old days: Leased lines were extremely high cost because going from Point A to Point B required custom cabling the entire way.

        Today: No one does the above due to cost. MPLS is a "tiny Internet" built by an ISP that allows them to create connections between customers (generally all the same company, just different sites) so that they don't need the custom cabling from the old days. It behaves exactly the same at a fraction of the cost (and effort) because it's essentially just using the Internet, but a small Internet on MPLS rather than TCP/IP and only within the confines of a single ISP.

        In both cases it is leased lines. Just one is leased lines using MPLS and one is leased lines without MPLS. MPLS is a huge improvement over the old system. But both are garbage compared to standard, modern methods.

        • scottalanmiller @hobbit666

          @hobbit666 said in MPLS alternative:

          Think this is where the terminology comes in; for me (for the last 20+ years) "Leased Line" has always meant a dedicated "internet" line that connects your building to the internet or MPLS or switching product.

          Ah, so yeah, that would add some confusion. When it connects to MPLS, yes, that's the right term. When it goes to the Internet, it is the wrong term as it expressly means that it doesn't do that.

          The term you are looking for that applies to both is "dedicated". A dedicated fiber link could be leased or Internet, for example.

          • Dashrender @hobbit666

            @hobbit666 said in MPLS alternative:

            @scottalanmiller said in MPLS alternative:

            No, not a leased line. Leased line means that the connection goes from site to site rather than site to the Internet. It's a cheaper Internet line rather than a leased line.

            Still the same physical fiber, but when you go to the Internet it stops being leased.

            Why is the word "leased" used to be "private site to private site", heaven only knows. But that's what the term means. A private fiber line that you install between you and the Internet is not called leased, even though there is no more or less logic to this name.

            Think this is where the terminology comes in; for me (for the last 20+ years) "Leased Line" has always meant a dedicated "internet" line that connects your building to the internet or MPLS or switching product.
            So when I say we have 3 sites with leased lines, they are fibre to the Exchange.

            Yeah, that's why I wrote what I wrote - I wanted to make sure all understood that with or without the word "leased" the connections are all the same, using the same cabling, likely the same pricing.

            It might be a UK thing to call anything not consumer grade to the internet a leased line - who knows, I'm not a UK native... 🙂

            • scottalanmiller @hobbit666

              @hobbit666 said in MPLS alternative:

              So when I say we have 3 sites with leased lines, they are fibre to the Exchange.

              Right, that should be "dedicated fiber" to the exchange. BUT, if they are MPLS, then your use of leased is correct in your case right now.

              • scottalanmiller @Dashrender

                @Dashrender said in MPLS alternative:

                It might be a UK thing to call anything not consumer grade to the internet a leased line - who knows, I'm not a UK native...

                Well, I looked up the terms to make sure I wasn't crazy and it didn't mention any regionally different usages. Telecom terms tend to be global.

                • hobbit666

                  BTW watched that MangoLassi video on LANless design. Also been looking at some Zero Trust stuff... I'm still confused 🙂

                  Think more reading and seeing some examples might help my little head compute it all 😄

                  • scottalanmiller

                    Are there any exceptions to leased lines being bad? Yes. But they are insanely rare and really come up when you are building your own Internet provider, basically.

                    Example: When I was on Wall St. the bank didn't feel that its connections from North America to the Middle East were good enough (as in... they didn't trust the ENTIRE Internet infrastructure of the Gulf States) and so they put in their own dual transatlantic cable (with the Internet via VPN as a backup) that took a different route than the national Internet infrastructure. They did this to replicate the entire Internet backbone of the country in question.

                    When the COUNTRY had a two day blackout, the bank was not affected and phones and Internet never missed a packet while the rest of the country was totally without Internet (including phones).

                    When you get to this scale and are talking about competing with the ISPs because you don't trust the accumulation of all ISPs for a region or country, yes, leased lines start to be the only option short of building your own ISP, and at some point, what's the difference?

                    But when we are talking about something that CAN be done over the existing Internet and you aren't trenching your own custom fiber end to end, then we are back to our normal discussion.

                    • Dashrender

                      Don't the likes of Microsoft/Amazon/Google all use leased lines for their syncing between DCs?

                      I'm almost positive they did in the past. I say this because I recall hearing that Google, etc. were suddenly face-slappingly aware of how unencrypted their syncing was between DCs with the Snowden reveal, and that the NSA was siphoning off copies of all of their flowing packets.

                      This leads me to believe Google/etc believed the leased lines were "secure enough" to not need to worry about encrypting the data in transit, which I can't personally believe they would consider acceptable if it was simply using Internet connections to do this.

                      • scottalanmiller @hobbit666

                        @hobbit666 said in MPLS alternative:

                        BTW watched that MangoLassi video on LANless design. Also been looking at some Zero Trust stuff... I'm still confused 🙂

                        Think more reading and seeing some examples might help my little head compute it all 😄

                        Well, think about ANY desire to have a VPN or MPLS connection and ask "why?" In modern (meaning post-2003) application design, there's no normal case where you'd have any reason for that kind of connection. What traffic is utilizing that for you? SMB and AD traffic certainly do, and both are vestiges of another era and represent massive security risks and fragility for the business. They also have advantages, so this isn't an all-con, no-pro situation. They are easy, fast, and well known. But they are designed entirely around businesses that fit in a single LAN. The moment you introduce a second site, they start to falter. They weren't designed for the multi-site business world, let alone the multi-region company. Neither handles WAN latency well, regardless of connectivity. And nothing that "can claim to be a business app" would have any reason to need LAN connectivity; even by the late 1990s that was "you should fire anyone making software that way and no one should buy software with those kinds of problems."

                        And before people say that the real world doesn't do this stuff, I can tell you that firms with hundreds of thousands of users were doing this by 2005 on a large scale, and small firms were doing it a decade earlier. Plus always those outliers that did it starting in the 60s or whatever. Sure, most firms will always do things poorly, that's assumed. But companies that were trying to do things well were able to pretty easily get to LANless or close to LANless a really long time ago without much challenge.

                        • scottalanmiller @Dashrender

                          @Dashrender said in MPLS alternative:

                          Don't the likes of Microsoft/Amazon/Google all use leased lines for their syncing between DCs?

                          Sort of, they are their own ISPs. So you are basically asking if the Internet is built on leased lines. Yes, under the hood, ISPs use leased lines to form the Internet. But that's a meta-discussion.

                          • scottalanmiller @Dashrender

                            @Dashrender said in MPLS alternative:

                            This leads me to believe Google/etc believed the leased lines were "secure enough" to not need to worry about encrypting the data in transit, which I can't personally believe they would consider acceptable if it was simply using Internet connections to do this.

                            Um, no, they put VPNs on those lines.

                            • Dashrender @scottalanmiller

                              @scottalanmiller said in MPLS alternative:

                              @Dashrender said in MPLS alternative:

                              This leads me to believe Google/etc believed the leased lines were "secure enough" to not need to worry about encrypting the data in transit, which I can't personally believe they would consider acceptable if it was simply using Internet connections to do this.

                              Um, no, they put VPNs on those lines.

                              They did after Snowden - that was publicly acknowledged, but pre-Snowden... not so sure. Definitely not in all cases.

                              Heck, I'd be surprised if Hobbit's company is encrypting data between sites - they are instead (management likely not realizing it) completely exposing their prints/fileshares with BT through their MPLS.

                              • Dashrender

                                @scottalanmiller what would you do for a management solution for 300+ users on company owned equipment?
                                And what management solution for user accounts would you use for Citrix?

                                • scottalanmiller @Dashrender

                                  @Dashrender said in MPLS alternative:

                                  Heck, I'd be surprised if Hobbit's company is encrypting data between sites - they are instead (management likely not realizing it) completely exposing their prints/fileshares with BT through their MPLS.

                                  I guarantee that they are not. But they are not an in-house ISP. They are doing it for LAN traffic, not to build their own Internet backbone.

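A defender's check for the exposure Dashrender and Scott describe above, added here as an example and not code from the thread or from MangoLassi: it parses constructed NetFlow-style records for a three-site MPLS network and flags LAN-era cleartext protocols (SMB, NFS, print) crossing between sites on the carrier's cloud, while ignoring IPsec and TLS flows that are protected in transit. The site prefixes, port table, flow format and sample lines are all assumptions made up for the illustration.

```python
# Added example, not code from the thread: audit site-to-site flow records for
# LAN-era cleartext protocols crossing a carrier MPLS link. Site prefixes, the
# flow format and the sample records below are all constructed for illustration.
import ipaddress
from collections import Counter

# Hypothetical site prefixes: three offices behind one MPLS provider.
SITES = {
    "HQ": ipaddress.ip_network("10.1.0.0/16"),
    "Branch-A": ipaddress.ip_network("10.2.0.0/16"),
    "Branch-B": ipaddress.ip_network("10.3.0.0/16"),
}

# Protocols that leave the LAN in the clear unless explicitly encrypted
# (SMB3 encryption and Kerberos-protected NFS exist but are not the default).
CLEARTEXT_PORTS = {
    445: "SMB", 139: "NetBIOS/SMB", 2049: "NFS",
    515: "LPD print", 9100: "raw (JetDirect) print",
}

# Constructed NetFlow-style records: src,dst,proto,dport,bytes
SAMPLE_FLOWS = """\
10.1.5.20,10.2.0.10,tcp,445,8421993
10.2.7.31,10.1.0.50,tcp,9100,53211
10.1.5.21,10.3.0.9,tcp,443,120442
10.3.4.8,10.1.0.60,udp,500,9120
10.3.4.8,10.1.0.60,udp,4500,3312200
10.1.5.22,10.1.9.9,tcp,445,999999
10.2.7.40,10.3.0.9,tcp,2049,4410000
"""

def site_of(ip):
    """Map an address to its site name, or None if it is off-net."""
    addr = ipaddress.ip_address(ip)
    for name, net in SITES.items():
        if addr in net:
            return name
    return None

def audit_flows(text):
    """Return (findings, totals): each finding is one inter-site cleartext
    flow; totals sums bytes per (src_site, dst_site, protocol)."""
    findings, totals = [], Counter()
    for line in text.strip().splitlines():
        src, dst, _proto, dport, nbytes = line.split(",")
        s_site, d_site = site_of(src), site_of(dst)
        if not s_site or not d_site or s_site == d_site:
            continue  # intra-site or off-net traffic never rides the MPLS cloud
        name = CLEARTEXT_PORTS.get(int(dport))
        if name is None:
            continue  # e.g. IPsec (500/4500) or TLS (443): protected in transit
        findings.append((s_site, d_site, name, int(nbytes)))
        totals[(s_site, d_site, name)] += int(nbytes)
    return findings, totals

if __name__ == "__main__":
    for (s, d, name), total in audit_flows(SAMPLE_FLOWS)[1].items():
        print(f"{s} -> {d}: {name} in the clear across the carrier, {total} bytes")
```

On the sample data the IPsec and HTTPS flows are ignored and the intra-HQ SMB flow is skipped; the three remaining inter-site flows (SMB, raw print, NFS) are what the carrier, or anyone with access to its network, could read.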
                                  • scottalanmiller @Dashrender

                                    @Dashrender said in MPLS alternative:

                                    what would you do for a management solution for 300+ users on company owned equipment?

                                    It's not that easy to say what TO do. That requires a lot of research. But knowing what NOT to do is a lot simpler. AD is absolutely not a good solution for a lot of sites. Even Microsoft hasn't recommended that in a long time. That's why they moved to Azure AD internally as their product for that long ago.

                                    We have no reason to believe that they even need user management, there's no way to have that assumption. I've worked in companies that size that saw zero value to having that and I see that play out time and time again. The need for user management on the OS is probably around 50/50.

                                    So without even knowing if they need user management, it's impossible to even start to guess how best to approach it.

                                    • scottalanmiller

                                      The need for user management at the OS level primarily comes from LAN-based design. Not 100%, but maybe 85%. Once you are LANless / Zero Trust, the need to control the users at the device level changes dramatically. There are good reasons to still want it, but it has to become a business need, not a "nice if all other things were equal." It comes at high cost and carries risks, so you have to have a value that supersedes those values to justify it.

                                      • scottalanmiller @hobbit666 (last edited by scottalanmiller)

                                        @hobbit666 said in MPLS alternative:

                                        Think more reading and seeing some examples might help my little head compute it all

                                        Two simple examples...

                                        LANbased Legacy User Management: Active Directory
                                        LANless Alternative: JumpCloud, AzureAD

                                        LANbased Legacy File Management: SMB or NFS Mapped Drives / Shares
                                        LANless Alternatives: OneDrive, NextCloud, Google Drive, DropBox

                                        • scottalanmiller

                                          Another example of LANbased vs LANless thinking or approach...

                                          Old Days: Log into your desktop and the desktop gives you immediate access to files, applications, etc.

                                          Modern Way: Log into desktop, then log into applications so that the applications are not trusting the device but authenticate the user.

                                          • hobbit666 @scottalanmiller

                                            @scottalanmiller said in MPLS alternative:

                                            @hobbit666 said in MPLS alternative:

                                            Think more reading and seeing some examples might help my little head compute it all

                                            Two simple examples...

                                            LANbased Legacy User Management: Active Directory
                                            LANless Alternative: JumpCloud, AzureAD

                                            LANbased Legacy File Management: SMB or NFS Mapped Drives / Shares
                                            LANless Alternatives: OneDrive, NextCloud, Google Drive, DropBox

                                            Those I get, but what about printing to office printers, or accessing the Citrix farm?
                                            As I said, e-mails and files are getting slowly moved to o365 and OD4B.
