Increasing the pipe capacity is not a solution for a legacy Internet. The number of subscribers are exponentially growing day by day. I feel, we need to stop investing on the Infrastructure, concentrate more on utilizing the existing network resources to the maximum. This is where the challenge lies.
MPLS -VPN is a two fold solution which highlight on security for sure, but also engineers the network backbone efficiently and effectively using Traffic Engineering. This means a great deal of improvement in the performance to the end user.
There is no technology which is complex. Its just the way we look at it. All we need to worry about is, "Where this technology best fits in and the area of deployment (Carrier, Provider edge, Enterprise)".
Regards,
Ravi.
Franjo Majstor wrote:
This might help you for start...http://www.ietf.org/internet-drafts/draft-behringer-mpls-security-01.txt
Franjo
At 04:21 2/25/2002, Takaoka Takayoshi wrote:
Hi, everyone!I want to discuss the superiority both type of VPN, IPsec and MPLS.
Now our company run after the tech of VPN to provide the secure zone for all customer, and this classfication is as following I think;IPsec VPN -use the Internet for this infrastructure, don't be needed the additional capital investment, so this is match for the enterprise security solution. But there is no expectation to ensure the intelligent Traffic Engineering that MPLS VPN can do.
MPLS VPN - use the closed network with the exclusive router, and this closed network is provided by the carrier, this complecated switching network can give us high performance and perfect ToS, and no need to encrypt the traffic data.
Now I think, it's just my opinion, if the internet infrastructure become has a big pipe and high performance, of couse the investment for this owe to all of carrier, the intelligent traffic engineering is no use anymore and great through put can provide to anyone connecting to internet. That means, in the future, the intelligent ToS isn't neccesary, we don't need to care of the ToS, extremely I can say.
That fact also means, the end security gateway only take care of high performance encryption & decryption, that based on ASIC.
I wonder, there is some possibility in the future, all of client has exclusive ASIC for encryption for itself, and also the internet has security gateway routing protocol, this system can be swith the all of client request with IPsec. The client can connect to all of internet server or client using security tunnel that provided by VPN swith network which spreading all over the world!
Anyway, now I want to change my question to you like that,
"Do you think the MPLS tech can survive in the security solution?"
Best regards,
Taka
Network Value Components, Ltd.
GroupSystemNameTakayoshiMailttakaoka@nvc.co.jp
Phone0468-20-1800
FAX0468-25-8053
URLhttp://www.nvc.co.jp
.............................................................................................................
Franjo Majstor CCIE #1507 Access,Security
EMEA Consulting Engineer CISSPPhone : +32-2-778.4395 Fax : +32-2-778.4300
Mobile: +32-475-36.3202 PGP Key: available on request
Cisco Systems, Av. Marcel Thiry 77,1200 Brussels, Belgium
_______________________________________________