The MPLS WG Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

VPN solution - White flag ?

From: Eric Rosen <erosen@cisco.com>
Date: Fri, 27 Oct 2000 09:56:57 -0400
cc: Eric Osborne <eric@cisco.com>, Randy Bush <randy@psg.com>, Eric Gray <egray@zaffire.com>, mpls@UU.NET
User-Agent: EMH/1.10.0 WEMI/1.13.2 (Mochimune) FLIM/1.12.1(Nishinokyō) Emacs/20.6 (sparc-sun-solaris2.5.1)MULE/4.0 (HANANOEN)

Greg> You are forgetting  the obvious, which is being  sold around the world
Greg> today  (and  has been  being  sold  since at  least  1995  when I  was
Greg> installing it): managed router service. 

No one is forgetting  this.  Most of the SPs who are  moving to layer 3 VPNs
have been  doing this  for years.  Many  of the  SPs who actually  have been
offering managed router services over  layer 2 backbones don't seem to think
it's so scalable.

Greg> IPSec at  the edges with the  customer paying the (I)SP  to manage the
Greg> CPE. Add  some CoS capabilities  in the core  to give priority  to the
Greg> IPSec traffic  and you  have a very  good service offering.   With the
Greg> correct tools the management of it scales well too.

Well, we could  have a long discussion of the  alleged scalability of IPsec,
but I doubt we'd reach much of a consensus. 

You will  note that  there seems  to be a  considerable market  for PE-based
IPsec capabilities.  Given the fact that CPE-based IPsec provides a lot more
security, the  existence of  this market perhaps  says something  about what
many SPs think of CPE-based solutions.

Whether layer 3  VPNs or a managed  router service over layer 2  VPNs is the
best solution  for a Service Provider  to offer is  certainly something that
each Service Provider can decide for himself.

References:
- VPN solution - White flag ?
  - From: Greg Ketell <gketell@juniper.net>