Need suggestions for cheap VPN solution

Jim Kavitsky jkavitsk at Brocade.COM
Fri Feb 24 13:34:21 PST 2006


Depending on what you intend to use the connectivity for, a simple VPN
solution may not be nearly sufficient. What type of applications are you
going to be running across the link?

We have two links to Bangalore from SJ. One is a VPN/Internet connection
that is currently running at about 300-330 ms latency, and a dedicated
MPLS line that is at about 265 ms. Latencies in this range will crush
the performance of any chatty protocol. Examples of things that will
suck wind at these latencies are NFS, CIFS, and most GUIs that are not
specifically optimized for WAN connections. FTP transfers will be
dramatically lengthened with respect to what you would normally expect
from a given bandwidth, unless there is some tuning at the transport
layer of things like the TCP transmit window. Media MTU mismatches along
the way can cripple your performance as well, particularly if the ICMP
"can't fragment" packets that would inform you of this problem are
getting filtered at any step along the way.

If you are attempting to maximize your development dollars by
co-developing with offshore contractors, then skimping on the
connectivity is going to be penny-wise and pound-foolish. I would
absolutely recommend some type of WAN traffic accelerator in addition to
whatever VPN solution you pick. Riverbed does this well.

If you are going to be sharing filesystems across the WAN, it is going
to be tough to beat (or to do without) a Wide Area Filesystem (WAF)
solution. Tacit makes a good product to do this for CIFS and NFS.
Disclaimer: Brocade (my employer) resells Tacit solutions.

My advice would be to get yourself a WAN simulator, like the network
nightmare box (link below), set it up on your local network, configure
it to the performance characteristics of your WAN connection, and then
test how your applications perform. You may not like the results at all.

http://www.networknightmare.com/

Good luck with your offshore connectivity project. It is much more
complicated than most people initially imagine, particularly with regard
to security and the sharing of software resources once you get involved
in co-development. We wound up having to install some fairly significant
infrastructure in Bangalore in order to produce an acceptable remote
development environment.

-jimk

  _____  

From: owner-baylisa at baylisa.org [mailto:owner-baylisa at baylisa.org] On
Behalf Of Eyal Traitel
Sent: Friday, February 24, 2006 10:06 AM
To: baylisa at baylisa.org
Subject: Need suggestions for cheap VPN solution

Hi all!

I need to introduce connectivity between 2 sites - Sunnyvale and
Bangalore/India, and introduce remote access.
We'll need to be able to scale to 50 users.
It was suggested that I look at Nokia boxes - would something like IP40 be a
good combined solution?

Any tips will be welcomed.

Eyal Traitel
Orchesys (www.orchesys.com)
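
The latency point in the reply above (window-limited FTP and chatty NFS/CIFS at 265 to 330 ms), worked through as an added example that is not part of the original thread. The 10 Mbit/s link, the 100 MiB payload, the 4 KiB request size and the function names are assumptions; the 65535-byte window is the largest TCP window when window scaling is not in use, and slow start and packet loss are ignored.

```python
MAX_UNSCALED_WINDOW = 65535  # bytes: largest TCP window without window scaling


def throughput_bps(window_bytes, rtt_s, link_bps):
    """At most one window per round trip, capped by the link rate."""
    return min(link_bps, window_bytes * 8 / rtt_s)


def window_needed(rtt_s, link_bps):
    """Bandwidth-delay product: bytes in flight needed to fill the link."""
    return round(link_bps * rtt_s / 8)


def bulk_seconds(size_bytes, window_bytes, rtt_s, link_bps):
    """FTP-style bulk transfer time, ignoring slow start and loss."""
    return size_bytes * 8 / throughput_bps(window_bytes, rtt_s, link_bps)


def chatty_seconds(round_trips, size_bytes, rtt_s, link_bps):
    """Request/response protocol that waits for each reply before sending
    the next request: every request costs one full round trip."""
    return round_trips * rtt_s + size_bytes * 8 / link_bps


def report(link_bps=10_000_000, size_bytes=100 * 2**20, block=4096):
    """Rows of (rtt_ms, Mbit/s with unscaled window, bulk seconds,
    window needed in bytes, chatty seconds). All inputs are assumed values."""
    rows = []
    for rtt_ms in (1, 265, 330):  # LAN baseline, then the RTTs quoted in the post
        rtt = rtt_ms / 1000
        rows.append((
            rtt_ms,
            round(throughput_bps(MAX_UNSCALED_WINDOW, rtt, link_bps) / 1e6, 2),
            round(bulk_seconds(size_bytes, MAX_UNSCALED_WINDOW, rtt, link_bps)),
            window_needed(rtt, link_bps),
            round(chatty_seconds(size_bytes // block, size_bytes, rtt, link_bps)),
        ))
    return rows


if __name__ == "__main__":
    for row in report():
        print("rtt=%dms tcp=%.2fMbit/s bulk=%ds window_needed=%dB chatty=%ds" % row)
```

Under these assumptions the same transfer that fills the link on a LAN is held to under 2 Mbit/s at 265 ms, and a protocol that issues one 4 KiB request per round trip takes close to two hours.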
