North American Network Operators Group


Q: Sizes of Existing and Planned Fully Meshed IPSEC VPN (Tunnel Mode)

  • From: Tim Bass
  • Date: Tue Oct 23 18:55:35 2001

Lots of old and dear friends in NANOG to say HELLO!, it
has been many, many years since I've posted here. Hopefully
this very simple question will not be very controversial :)

I did a search of the archives on VPN with keywords 'size' and
'mesh' only to find a thread debating the merits of MPLS.  This
was an interesting thread and some of my old and dear friends
were active in that discussion.  Please allow me to ask a simple
less-technical question.  My apologies if this has been discussed
and I missed it in the archives.

We have a Cisco IPSEC based VPN with over 110 edge routers
in a full tunnel-mode mesh, mostly 'big hunking routers' with
average CPU utilization under 15 percent. The VPN is
controlled by a single organization, under centralized admin.

Are there larger fully meshed VPNs out there in ISP land?  

Are there any 'real-tangible issues' with a fully meshed VPN
at the size we are talking (around 120 sites fully meshed)?

The marketing hype tends to be great. I like -vadim's closing
comments in:

http://www.merit.edu/mailinglist/mailarchives/old_archive/2001-08/msg00311.html

as follows:

 "Sometimes older ways are simply better."  --vadim

This seems to be true regarding a simple fully-meshed IPSEC VPN
in tunnel-mode, right NANOG geniuses? Is 110 fully
meshed edge routers considered big??

Finest Regards, Tim

www.silkroad.com