    MPLS alternative

      hobbit666

      I only said VPN because Scott mentioned it several times in the other thread.

      If we didn't have VPN/MPLS how would we serve our Citrix farm at the main site?

        hobbit666 @scottalanmiller

        @scottalanmiller said in MPLS alternative:

        These are things you never want. "Managed"

        This I kind of disagree with, if we have an issue with a connection we phone it in and they sort within the SLA. Down time means £££ loss.
        Currently with the MPLS we have 4hr replacement on hardware and high SLA with BT on the PSTN lines.

        But looking at replacing that with possible 4g backups so we can wait 48hr for BT to fix

          hobbit666 @scottalanmiller

          @scottalanmiller said in MPLS alternative:

          @hobbit666 said in MPLS alternative:

          3 sites have 20+ users these are served by 100mb leased lines, would like to keep these.

          Why would you ever want a leased line? Leased lines essentially only exist today to make MPLS possible. They are costly and risky.

          Because we "couldn't" get a line above 5mb so Replication to the DR site would be impossible. Also handling the traffic from all the sites, like print servers, smb shares etc
          (most of these are getting replaced slowly with things like o365)

            hobbit666 @Obsolesce

            @Obsolesce said in MPLS alternative:

            Why no intent towards a Zero Trust architecture

            Because I've never heard of it 😁. Now I have, I've got 3yrs to look into it.

              hobbit666 @scottalanmiller

              @scottalanmiller said in MPLS alternative:

              Neither of these would have any benefits from MPLS or a VPN set to work like MPLS.

              Agreed with o365 but I mainly mentioned as it's one of our main traffic usage now

                hobbit666

                So what about SDWAN? Would this be an alternative too?

                  hobbit666 @scottalanmiller

                  @scottalanmiller said in MPLS alternative:

                  1990's LAN-based thinking. Modern networks with security are zero-trust (aka LANless) in design and VPN/MPLS would not serve any purpose.

                  I'll put my hand up and agree this is me, but will be looking at LANless/zero-trust on Monday and learn what it means fully.

                    IRJ @hobbit666

                    @hobbit666 said in MPLS alternative:

                    @scottalanmiller said in MPLS alternative:

                    1990's LAN-based thinking. Modern networks with security are zero-trust (aka LANless) in design and VPN/MPLS would not serve any purpose.

                    I'll put my hand up and agree this is me, but will be looking at LANless/zero-trust on Monday and learn what it means fully.

                    Yeah that's really the only route to go anymore

                      hobbit666

                      Any link to good reading on zero-trust stuff?

                        Obsolesce @hobbit666

                        @hobbit666 said in MPLS alternative:

                        Any link to good reading on zero-trust stuff?

                        This is a good start:

                        https://www.nist.gov/publications/zero-trust-architecture

                          Dashrender @scottalanmiller

                          @scottalanmiller said in MPLS alternative:

                          @hobbit666 said in MPLS alternative:

                          Basics are the Citrix/SQL/DC are all at main site then a DR site at another site.

                          None of those would benefit from the design that you have today. In any fashion. Unless we are missing something huge.

                          MPLS or Mesh VPN to replicate it would be if you have servers sprinkled through all the sites or people moving files directly using desktop to desktop file sharing or something awful like that.

                          Since every workload that you are mentioning would normally scream "No VPN, No MPLS", I think a description of why any of this exists or why any of it should be replicated is needed. Your key workloads give us nothing to work with. There has to be a niche workload that is a problem that drove these decisions. Without knowing about that, we can't help much other than to keep repeating that you should ditch absolutely everything and start fresh. Don't try to build off of anything currently in place.

                          LOL - You know that's not likely true.. The chances are greater that someone was just trying to bandaid (and possibly not even a good bandaid) something at the beginning and as time went on, they simply continued down the previous course.

                            Dashrender @hobbit666

                            @hobbit666 said in MPLS alternative:

                            I only said VPN because Scott mentioned it several times in the other thread.

                            If we didn't have VPN/MPLS how would we serve our Citrix farm at the main site?

                            You serve Citrix directly on the internet, Citrix's protocol ICA includes encryption. Sending ICA over VPN is double encryption.

                              gjacobse

                              Just happened to think back,

                              The emergency system (911) used MPLS between the county sites and the main server.

                              How would a VPN have replaced this? Down time is one thing, but down time and no ability to get emergency calls passed,... that’s serious

                                1337 @gjacobse

                                @gjacobse

                                  1337 @1337

                                  Also the entire internet is a mesh of sorts.
                                  There are multiple ways to go from point A to point B if you are connected the right way.

                                    1337

                                    I don't know much about MPLS except that even with redundant links the entire connection goes down if the company that runs it has a problem. So it's some kind of half-redundancy.

                                    For real redundancy you need to have multiple links using different operators.

                                      travisdh1 @gjacobse

                                      @gjacobse said in MPLS alternative:

                                      Just happened to think back,

                                      The emergency system (911) used MPLS between the county sites and the main server.

                                      How would a VPN have replaced this? Down time is one thing, but down time and no ability to get emergency calls passed,... that’s serious

                                      Well, you already have a SPOF in the MPLS. MPLS does not provide any redundancy. A backhoe cutting the ISP lines still takes them down.

                                      If the people running the 911 system wanted redundancy, they'd need two internet connections of some sort.

                                        gjacobse @travisdh1

                                        @travisdh1 said in MPLS alternative:

                                        @gjacobse said in MPLS alternative:

                                        Just happened to think back,

                                        The emergency system (911) used MPLS between the county sites and the main server.

                                        How would a VPN have replaced this? Down time is one thing, but down time and no ability to get emergency calls passed,... that’s serious

                                        Well, you already have a SPOF in the MPLS. MPLS does not provide any redundancy. A backhoe cutting the ISP lines still takes them down.

                                        If the people running the 911 system wanted redundancy, they'd need two internet connections of some sort.

                                        There is a lot of redundancy built in - it’s an absolute must. And yes, a backhoe, homeowner and even Mother Nature will play havoc...

                                          hobbit666 @Dashrender

                                          @Dashrender said in MPLS alternative:

                                          You serve Citrix directly on the internet, Citrix's protocol ICA includes encryption. Sending ICA over VPN is double encryption.

                                          This is one thing management have never liked. Opening the server to the outside world 😁.
                                          But times are changing so going a mix of VPN for some serves and direct serve (i.e. on the internet) might be an option.

                                            dafyre @hobbit666

                                            @hobbit666 said in MPLS alternative:

                                            How would multiple vpns be handled. Would it be a case each sites router would have multiple vpns to each site? Or a single VPN to a single "master" site/device.

                                            To make it simple, I'd do this: each site's router would have a single VPN to HQ (the master site).
