Star or full Mesh?
Last response: in Networking
Archived from groups: comp.dcom.vpn (More info?)
Here's the deal:
In our WAN we have apr. 15 sites around the world. Today we have a
full mesh VPN network between the sites.
We are planning a redundant VPN net with a new FW at each site. I have
not figured out how to do this and the routing is a true nightmare.
Anyone have any ideas or thoughts around this problem?
Also, what is the "best practice" regarding VPN net? Star or Mesh?
Thanks for any replies,
BR
Bjornar
Here's the deal:
In our WAN we have apr. 15 sites around the world. Today we have a
full mesh VPN network between the sites.
We are planning a redundant VPN net with a new FW at each site. I have
not figured out how to do this and the routing is a true nightmare.
Anyone have any ideas or thoughts around this problem?
Also, what is the "best practice" regarding VPN net? Star or Mesh?
Thanks for any replies,
BR
Bjornar
More about : star full mesh
Archived from groups: comp.dcom.vpn (More info?)
Bj?rnar Eilertsen wrote:
> Here's the deal:
>
> In our WAN we have apr. 15 sites around the world. Today we have a
> full mesh VPN network between the sites.
>
> We are planning a redundant VPN net with a new FW at each site. I have
> not figured out how to do this and the routing is a true nightmare.
>
> Anyone have any ideas or thoughts around this problem?
>
> Also, what is the "best practice" regarding VPN net? Star or Mesh?
>
> Thanks for any replies,
>
> BR
> Bjornar
If 2 sites never directly connect to resources at each other then they
do not require a VPN link directly from one point to the other.
Much simpler to do a star configuration with specific point to point
exceptions between sites that actually will utilize the direct link with
site to site traffic. In most network setups you do not truly need a
meshed configuration. There are exceptions to this of course. Lets say
you run video conferencing that utilized direct connections or VOIP
between all branches then it would make sense to minimize the delay and
bandwidth overhead of sending traffic in then out of a central point to
reach a remote office. If however your applications are all hosted
centrally and the only inter branch direct connections are people using
an instant messenger then you will probably prefer the decreased
management burden of a star topology for your VPN network.
Also some of the common VPN hardware will run into simultaneous tunnel
limits around 30-50 tunnels unless it is some of the more expensive
gear. If you are like most networks many of these sites are just small
offices with maybe a dozen sales staff with a few main operations with
the bulk of the traffic and staff. You wouldn't want to dedicate very
expensive equipment capable of hundreds of tunnels just for a dozen
people.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
Bj?rnar Eilertsen wrote:
> Here's the deal:
>
> In our WAN we have apr. 15 sites around the world. Today we have a
> full mesh VPN network between the sites.
>
> We are planning a redundant VPN net with a new FW at each site. I have
> not figured out how to do this and the routing is a true nightmare.
>
> Anyone have any ideas or thoughts around this problem?
>
> Also, what is the "best practice" regarding VPN net? Star or Mesh?
>
> Thanks for any replies,
>
> BR
> Bjornar
If 2 sites never directly connect to resources at each other then they
do not require a VPN link directly from one point to the other.
Much simpler to do a star configuration with specific point to point
exceptions between sites that actually will utilize the direct link with
site to site traffic. In most network setups you do not truly need a
meshed configuration. There are exceptions to this of course. Lets say
you run video conferencing that utilized direct connections or VOIP
between all branches then it would make sense to minimize the delay and
bandwidth overhead of sending traffic in then out of a central point to
reach a remote office. If however your applications are all hosted
centrally and the only inter branch direct connections are people using
an instant messenger then you will probably prefer the decreased
management burden of a star topology for your VPN network.
Also some of the common VPN hardware will run into simultaneous tunnel
limits around 30-50 tunnels unless it is some of the more expensive
gear. If you are like most networks many of these sites are just small
offices with maybe a dozen sales staff with a few main operations with
the bulk of the traffic and staff. You wouldn't want to dedicate very
expensive equipment capable of hundreds of tunnels just for a dozen
people.
--
WARNING! Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)
Archived from groups: comp.dcom.vpn (More info?)
"Bj?rnar Eilertsen" <bjornar@vetromac.no> wrote in message
news:35544b6.0410080430.5f7d287f@posting.google.com...
> Here's the deal:
>
> In our WAN we have apr. 15 sites around the world. Today we have a
> full mesh VPN network between the sites.
>
> We are planning a redundant VPN net with a new FW at each site. I have
> not figured out how to do this and the routing is a true nightmare.
square law scaling rules always hurt.
you need a routing protocol so that you dont have to do resilience with
static routing.
>
> Anyone have any ideas or thoughts around this problem?
some of the manufacturers have noticed
- e.g. cisco routers now have a "feature" so that you set up a VPN on a
star basis, and they will negotiate and build direct dynamic tunnels when
there is a traffic flow between 2 edge boxes.
but its Friday pm - so cant remember what it is called....
>
> Also, what is the "best practice" regarding VPN net? Star or Mesh?
if it is a big issue go and rent a managed service so it becomes a telco
problem.....
>
> Thanks for any replies,
>
> BR
> Bjornar
--
Regards
Stephen Hope - return address needs fewer xxs
"Bj?rnar Eilertsen" <bjornar@vetromac.no> wrote in message
news:35544b6.0410080430.5f7d287f@posting.google.com...
> Here's the deal:
>
> In our WAN we have apr. 15 sites around the world. Today we have a
> full mesh VPN network between the sites.
>
> We are planning a redundant VPN net with a new FW at each site. I have
> not figured out how to do this and the routing is a true nightmare.
square law scaling rules always hurt.
you need a routing protocol so that you dont have to do resilience with
static routing.
>
> Anyone have any ideas or thoughts around this problem?
some of the manufacturers have noticed
- e.g. cisco routers now have a "feature" so that you set up a VPN on a
star basis, and they will negotiate and build direct dynamic tunnels when
there is a traffic flow between 2 edge boxes.
but its Friday pm - so cant remember what it is called....
>
> Also, what is the "best practice" regarding VPN net? Star or Mesh?
if it is a big issue go and rent a managed service so it becomes a telco
problem.....
>
> Thanks for any replies,
>
> BR
> Bjornar
--
Regards
Stephen Hope - return address needs fewer xxs
Related ressources:
- ForumMesh star network
- ForumStar-Mesh topology?
- ForumThe Best of Star Wars Games, Part 1
- ForumCase that keeps dust out ... no mesh if possible
- ForumLack of Mesh Ventilation on Rear of Most Cases?
- ForumUltimate Terrian + FSG new 38m AK mesh = WOW
- ForumIs this system worth the cost? Will it play new Star wars on full ?
- ForumHelp needed considering a mesh dx lite
- ForumDo I need Dust Filters or Is mesh enough??
- ForumSTAR TREK Case Mod for Comic-Con
- ForumQuestion about the Star trek Universe?
- ForumTom's Hardware Member System Gallery
- Forum[MNPCTech] Project: Rebel Alliance CMII
- ForumRouter Setup
- Forumcannot receive full bandwidth
- ForumMN-700 Full or half duplex
- ForumMN-710 Problem Getting Full Speed on 802.11g
- ForumWireless Base Station MN-700 Full Install
- ForumNetwork not able to run at full speed
- ForumTrouble using full Gigabit ethernet
- More resources
Read discussions in other Networking categories
!
