A
A
alex25m2017-03-01 13:37:51
VPN
alex25m, 2017-03-01 13:37:51

Traffic encryption in VPLS?

Good afternoon. There is such a task: Organization LLC "" moves from one building to another. Number of jobs 80-100. It is not possible to move at once. So the transition is gradual. First, less busy employees with clients, then the main backbone, and lastly, the main server infrastructure.
It turned out to connect all existing Internet providers from the old one to the new building. The network within the organization is flat. In order to carry out a phased move and not stop the work of the organization, the possibility of connecting the VPLS service between the old and new building during the move was discussed with the provider.
Questions:
1. VPLS doesn't include encryption, does it?
2. Is there an encryption solution - to configure between ports on some pieces of iron?
3. How much encryption is needed in VPLS? (The provider probably has the ability to copy traffic, do they do this).
Can anyone share their experience in this service, or suggest some ideas in this task?
(So ​​far, I’m starting from the fact that the network is flat, if you make vlans, then you can also raise vpn tunnels without additional provider services.)
Thanks for any help.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
Alexey, 2017-03-01
@alcyone

s2s IPSec won't work?

V
Valentin, 2017-03-01
@vvpoloskin

Answers to your questions:
1) no.
2) of course there are, they are many and different, but you need to take care of this in advance.
3) usually the requirement for encryption is a requirement of the Customer's information security, these requirements come from policies within the organization.
Imagine that all your equipment is connected to one unmanaged switch, even if all your facilities are geographically separated. This will be VPLS. Can a regular switch encrypt? Is it necessary for him? The answers are obvious.
How are channels encrypted in VPLS? Options:
1) Special crypto gateways
2) Proprietary technologies such as MACSEC
3) Site-to-site ipsec
3) End-to-end encryption of critical services (encrypted application protocols)

A
Artem, 2017-03-09
@gangz

I think it is not advisable for you to implement such solutions for the sake of moving.
The provider will give you an L2 pipe between offices, in fact, allocate a separate vlan for you, register it from both ends and he doesn’t care what you have spinning and running there.
But if you’re overthinking it, prepare about a lama or two to attach encryption to this pipe ...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question