Its very unfair to comment or critique from a sketchy reading
but I'm drawn to the issue of double ip-in-ip wrapping. My
experience of running VPN over 10/34Mb bandwidth is that with
the current FreeBSD technology I can't exceed 2mbit bandwidth
in the VPN, using blowfish-cbc. I also suffer pretty severe
fragmentation issues with some protocols. Mbone is fine, netmeeting
isn't. telnet is fine, web is fine, NFS isn't.
Don't you find that excess IPSEC wraps cost you severely? Maybe
I'm confusing architectural must-haves with operational issues.
(tangential to wrec, nice code! I definately want to play with it,
thanks for releasing it)
more WREC relevant: how many of us will be at IETF? Did we resolve
the issue of the WG meeting status? I will be there. Lets caucus
if nothing else...
cheers
-George
-- George Michaelson | DSTC Pty Ltd Email: ggm@dstc.edu.au | University of Qld 4072 Phone: +61 7 3365 4310 | Australia Fax: +61 7 3365 4311 | http://www.dstc.edu.au
This archive was generated by hypermail 2b29 : Thu Nov 18 2004 - 11:21:27 MST