MPLS vs Site-to-Site
- 
 
- 
 Let's not forget that Snowden has basically told us that if we care about privacy, we MUST encrypt anything we send over an MPLS, leased line. Google had MPLS/leased lines, etc between their datacenters. Google rented these services from whatever companies could provide it. Those companies allowed the NSA to tap into those private lines and see/do anything they wanted with flowing data. Today, Google/MS, etc all encrypt all data as it leaves their internally controlled network to stop this snooping. 
- 
 Absolutely, you must assume that your ISP is your worst enemy. That's why I don't worry about coffee shops, no different than any other ISP. 
- 
 @scottalanmiller said: Absolutely, you must assume that your ISP is your worst enemy. That's why I don't worry about coffee shops, no different than any other ISP. So do you use a VPN client to use a known entry point to the internet when at a coffee shop? Or just not care about things like ML and other sites that don't use TLS? And for the sites you do care about, of course ensure the TLS connection is live? I know reading this it might sound flippant, it's not meant to be. 
- 
 @Dashrender said: So do you use a VPN client to use a known entry point to the internet when at a coffee shop? Of course, its called a web browser and it is an SSL application specific VPN. Just use HTTPS instead of HTTP and you get a single port, application specific, end to end encrypted VPN. 
- 
 @scottalanmiller said: @Dashrender said: So do you use a VPN client to use a known entry point to the internet when at a coffee shop? Of course, its called a web browser and it is an SSL application specific VPN. Just use HTTPS instead of HTTP and you get a single port, application specific, end to end encrypted VPN. LOL of course  But then we can't go to places like Mangolassi from the Coffee shop, because it doesn't have HTTPS. But then we can't go to places like Mangolassi from the Coffee shop, because it doesn't have HTTPS.
- 
 @art_of_shred said: @Lakshmana Any site-to-site configuration, whether it is MPLS, VPN, or a cable running between the 2 buildings, should create a single LAN on the user side. You should see anything on the network at the other site just as you would see it if it was on a desk in the next room. Not quite.. Some of them will be L2 and can be the same subnet.. others will have to be layer 3 with a router in between. 
- 
 @Jason said: @art_of_shred said: @Lakshmana Any site-to-site configuration, whether it is MPLS, VPN, or a cable running between the 2 buildings, should create a single LAN on the user side. You should see anything on the network at the other site just as you would see it if it was on a desk in the next room. Not quite.. Some of them will be L2 and can be the same subnet.. others will have to be layer 3 with a router in between. Yes, but the end result is that you have a single functioning LAN. I didn't want to add another layer of complexity into the equation for him.  
- 
 @Lakshmana said: If I need to check the status of the Desktop or Laptop which is connected to the MPLS or Site-to-Site,how can I check? How would you check if it was on the LAN with you? 
- 
 @art_of_shred said: @Jason said: @art_of_shred said: @Lakshmana Any site-to-site configuration, whether it is MPLS, VPN, or a cable running between the 2 buildings, should create a single LAN on the user side. You should see anything on the network at the other site just as you would see it if it was on a desk in the next room. Not quite.. Some of them will be L2 and can be the same subnet.. others will have to be layer 3 with a router in between. Yes, but the end result is that you have a single functioning LAN. I didn't want to add another layer of complexity into the equation for him.  Wouldn't that be the WAN?. LAN is usually the single site/subnet.. People have confused the terms though because most people think of "WAN" as internet. 
- 
 If I have two LANs in the same building, I wouldn't call them a WAN, I'd say I have two local subnets. I agree with Jason - mentioning that you might have routers and be on a different subnet I felt was something that was missing from the discussion. Though with Switches I suppose one could argue for a single flat large LAN instead of two or more smaller ones and routing. 
- 
 @Jason said: @art_of_shred said: @Jason said: @art_of_shred said: @Lakshmana Any site-to-site configuration, whether it is MPLS, VPN, or a cable running between the 2 buildings, should create a single LAN on the user side. You should see anything on the network at the other site just as you would see it if it was on a desk in the next room. Not quite.. Some of them will be L2 and can be the same subnet.. others will have to be layer 3 with a router in between. Yes, but the end result is that you have a single functioning LAN. I didn't want to add another layer of complexity into the equation for him.  Wouldn't that be the WAN?. LAN is usually the single site/subnet.. People have confused the terms though because most people think of "WAN" as internet. It's a LAN that stretches over the WAN. Most LANs have routers separating subnets. That a LAN is a single subnet is actually pretty rare and only an SMB thing. 
- 
 We call ours a WAN because the strict definition of LAN means computers within a limited geographic area, and WAN is a network in a large geographic area. 
- 
 @Jason said: We call ours a WAN because the strict definition of LAN means computers within a limited geographic area, and WAN is a network in a large geographic area. That's very true. A single site would remain a LAN regardless of routers. A site with many geographic locations that are non-local to one another would be a WAN. In between the two, added years later, is the MAN concept of an area too big to be a single LAN but too small to call it a WAN. 
- 
 MPLS is good to use if you have a multiple sites separated by a WAN and need VoIP traffic sent between them (Cisco, Avaya, Shortel, etc). MPLS generally has low latency which is well suited for VoIP. Broadband is getting better in general, but there are still blips in latency and availability. Most people don't like the idea of losing voice service or quality but they tolerate data outages. I've seen people use VoIP over broadband and it works fine, but alot of times you get better performance on MPLS since you can pay for QoS. MPLS is a WAN switching technology but most people use carrier routing on top of it...you don't have to. Several implementations I've dealt with have multiple sites and need a routing protocol so you don't have to configure piles and piles of routes. Alot of people do BGP peering with the carrier router in a "private cloud" so you only get the routes that relate to your sites. Carrier Ethernet is a similar technology to MPLS. In a sense you're just plugging in a really long Ethernet cable between 2 sites. You would most likely have a router on each side but you don't have to. You can even do VLAN's over carrier Ethernet...remember it's just 1 really long cable. 
- 
 @scottalanmiller said: @Jason said: We call ours a WAN because the strict definition of LAN means computers within a limited geographic area, and WAN is a network in a large geographic area. That's very true. A single site would remain a LAN regardless of routers. A site with many geographic locations that are non-local to one another would be a WAN. In between the two, added years later, is the MAN concept of an area too big to be a single LAN but too small to call it a WAN. We always used MAN to mean Metro Area network - if it's not in the same city - then it becomes a WAN. 
- 
 @quicky2g said: MPLS is good to use if you have a multiple sites separated by a WAN and need VoIP traffic sent between them (Cisco, Avaya, Shortel, etc). MPLS generally has low latency which is well suited for VoIP. Broadband is getting better in general, but there are still blips in latency and availability. Most people don't like the idea of losing voice service or quality but they tolerate data outages. Yeah, strange how many companies would rather have their phones go down completely than to have less than predictable quality. 
- 
 @Dashrender said: @scottalanmiller said: @Jason said: We call ours a WAN because the strict definition of LAN means computers within a limited geographic area, and WAN is a network in a large geographic area. That's very true. A single site would remain a LAN regardless of routers. A site with many geographic locations that are non-local to one another would be a WAN. In between the two, added years later, is the MAN concept of an area too big to be a single LAN but too small to call it a WAN. We always used MAN to mean Metro Area network - if it's not in the same city - then it becomes a WAN. Yup, Metro. 
- 
 @quicky2g said: I've seen people use VoIP over broadband and it works fine, but alot of times you get better performance on MPLS since you can pay for QoS. We do a ton of VoIP hosting and consulting and find broadband to very rarely be an issue and when it is, it is normally super obvious that it is going to be an issue immediately (like it is flaky, oversaturated or whatever.) If the broadband is any good, it's almost always going to work well for VoIP. Not always, but very often. Even for international calling! 
- 
 @quicky2g said: Carrier Ethernet is a similar technology to MPLS. In a sense you're just plugging in a really long Ethernet cable between 2 sites. You would most likely have a router on each side but you don't have to. You can even do VLAN's over carrier Ethernet...remember it's just 1 really long cable. Not always a direct cable.. but yeah. This is what we use for most of our locations. 



