   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,349 messages   

   Message 1,253 of 2,349   
   Mike Drechsler - SPAM PROTECTED EMA to All   
   Re: Star or full Mesh?   
   08 Oct 04 17:49:25   
   
   From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   Bjørnar Eilertsen wrote:   
   > Here's the deal:   
   >   
   > In our WAN we have approx. 15 sites around the world. Today we have a   
   > full mesh VPN network between the sites.   
   >   
   > We are planning a redundant VPN net with a new FW at each site. I have   
   > not figured out how to do this and the routing is a true nightmare.   
   >   
   > Anyone have any ideas or thoughts around this problem?   
   >   
   > Also, what is the "best practice" regarding VPN net? Star or Mesh?   
   >   
   > Thanks for any replies,   
   >   
   > BR   
   > Bjornar   
      
   If 2 sites never directly connect to resources at each other then they   
   do not require a VPN link directly from one point to the other.   
      
   Much simpler to do a star configuration with specific point to point   
   exceptions between sites that actually will utilize the direct link with   
   site to site traffic.  In most network setups you do not truly need a   
   meshed configuration.  There are exceptions to this of course.  Let's say   
   you run video conferencing that utilizes direct connections or VOIP   
   between all branches then it would make sense to minimize the delay and   
   bandwidth overhead of sending traffic in then out of a central point to   
   reach a remote office.  If however your applications are all hosted   
   centrally and the only inter-branch direct connections are people using   
   an instant messenger then you will probably prefer the decreased   
   management burden of a star topology for your VPN network.   
      
   Also some of the common VPN hardware will run into simultaneous tunnel   
   limits around 30-50 tunnels unless it is some of the more expensive   
   gear.  If you are like most networks, many of these sites are just small   
   offices with maybe a dozen sales staff with a few main operations with   
   the bulk of the traffic and staff.  You wouldn't want to dedicate very   
   expensive equipment capable of hundreds of tunnels just for a dozen   
   people.   
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
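
   Added example, not part of the original post: a small Python planner for the approach described in the reply above (a star with point-to-point exceptions), compared against a full mesh and checked against a per-device tunnel limit. The site names, the VoIP pairs and the limit of 30 are constructed assumptions.

```python
from itertools import combinations

def plan_tunnels(sites, hub, direct_flows, tunnel_limit):
    """Star around `hub`, plus one spoke-to-spoke tunnel for every pair in
    `direct_flows` (sites that really exchange traffic directly).
    Returns total tunnels, tunnels terminated per site, and the sites whose
    device would exceed `tunnel_limit` simultaneous tunnels."""
    if hub not in sites:
        raise ValueError("hub must be one of the sites")
    # Every spoke gets exactly one tunnel to the hub.
    tunnels = {frozenset((hub, s)) for s in sites if s != hub}
    for a, b in direct_flows:
        if a == b or a not in sites or b not in sites:
            raise ValueError(f"bad direct flow: {a!r} <-> {b!r}")
        tunnels.add(frozenset((a, b)))  # set membership removes duplicates
    per_site = {s: sum(s in t for t in tunnels) for s in sites}
    over = sorted(s for s, n in per_site.items() if n > tunnel_limit)
    return {"tunnels": len(tunnels), "per_site": per_site, "over_limit": over}

def full_mesh(sites, tunnel_limit):
    """A full mesh is the same plan with every pair listed as a direct flow."""
    return plan_tunnels(sites, sites[0], combinations(sites, 2), tunnel_limit)

def make_sites(n):
    """Constructed site names: one hub plus n-1 branch offices."""
    return ["hq"] + [f"site{i:02d}" for i in range(1, n)]

# Constructed input: three branches that call each other directly over VoIP.
VOIP_PAIRS = [("site01", "site02"), ("site01", "site03"), ("site02", "site03")]
TUNNEL_LIMIT = 30  # assumed limit for the cheaper branch-office gear

if __name__ == "__main__":
    for n in (15, 40):
        sites = make_sites(n)
        star = plan_tunnels(sites, "hq", VOIP_PAIRS, TUNNEL_LIMIT)
        mesh = full_mesh(sites, TUNNEL_LIMIT)
        print(f"{n} sites: star+exceptions {star['tunnels']} tunnels, "
              f"over limit {star['over_limit']}; full mesh {mesh['tunnels']} "
              f"tunnels, {len(mesh['over_limit'])} sites over limit")
```

With the star plan only the hub has to terminate a tunnel per site, so only the hub needs the larger device as the network grows; in a full mesh every site does.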



(c) 1994,  bbs@darkrealms.ca