Re: IPSEC tunnels for LAN-to-LAN interop issue

>>>>> "Paul" == Paul Koning <pkoning@xedia.com> writes:
    Paul> Keep in mind that many applications have no need for multiple
    Paul> tunnels between the same pair of security gateways.  Given high
    Paul> speed crypto,

    Michael> Uh, this doesn't work if you want to provide different flows
    Michael> with different qualities of service. Well, it does if you can do
    Michael> the appropriate marking on the VPN box, but at present, this is
    Michael> not likely to be widely available until all the VPN and QOS
    Michael> suppliers catch up.

    Paul> It isn't necessary for everyone to catch up.  All that you need is
    Paul> VPN boxes that are also QOS suppliers with the ability to do TOS
    Paul> marking, and indeed those are available -- we've been shipping that
    Paul> for a while now.

  I never said that they weren't shipping. I said that it wasn't widely
available. If your box talks to a different vendor's box, then you have
a problem. This is what interoperability is about.

  So, unless you have such a box at BOTH ends, the end that can do both
still needs to support multiple SAs between end points so that it can support
having QOS and VPN done in different boxes.

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
