[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC tunnels for LAN-to-LAN interop issue
>>>>> "Paul" == Paul Koning <firstname.lastname@example.org> writes:
Paul> Keep in mind that many applications have no need for multiple
Paul> tunnels between the same pair of security gateways. Given high
Paul> speed crypto,
Michael> Uh, this doesn't work if you want to provide different flows
Michael> with different qualities of service. Well, it does if you can do
Michael> the appropriate marking on the VPN box, but at present, this is
Michael> not likely to be widely available until all the VPN and QOS
Michael> suppliers catch up.
Paul> It isn't necessary for everyone to catch up. All that you need is
Paul> VPN boxes that are also QOS suppliers with the ability to to TOS
Paul> marking, and indeed those are available -- we've been shipping that
Paul> for a while now.
I never said that they weren't shipping. I said that it wasn't widely
available. If your box talks to a different vendor's box, then you have
a problem. This is what interopability is about.
So, unless you have such a box at BOTH ends, the end that can do both
still needs to support multiple SAs between end points so that it can support
having QOS and VPN done in different boxes.
:!mcr!: | Cow#1: Are you worried about getting Mad Cow Disease?
Michael Richardson | Cow#2: No. I'm a duck.
Home: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">email@example.com</A>. PGP key available.