https://efb97021.aww-3cz.pages.dev/tags/ipsec/ Recent content in Ipsec on Aaron's Worthless Words Hugo en Fri, 23 Dec 2011 00:00:00 +0000 https://efb97021.aww-3cz.pages.dev/posts/2011/12/junos-vpn-hierarchy/ Fri, 23 Dec 2011 00:00:00 +0000 https://efb97021.aww-3cz.pages.dev/posts/2011/12/junos-vpn-hierarchy/ <p>Wow! A Junos post! Amazing.</p> <p>We all know that the configuration on a Junos box is very hierarchical. Sometimes it doesn&rsquo;t make a lot of sense, but it&rsquo;s all a pretty cascade of code. One of the big messes that I&rsquo;ve found is the VPN configuration hierarchy; there are way more items to configure than on an IOS device.  To reinforce the stpes in my head, I thought I&rsquo;d get some of the pieces into a post. These aren&rsquo;t all the options, but it&rsquo;s all you need to get a static IPSec tunnel up and running.</p> https://efb97021.aww-3cz.pages.dev/posts/2011/12/vrf-aware-ipsec-tunnels/ Tue, 13 Dec 2011 00:00:00 +0000 https://efb97021.aww-3cz.pages.dev/posts/2011/12/vrf-aware-ipsec-tunnels/ <p>Man, time is hard to come by of late.  I&rsquo;ve had so little time to rest that&rsquo;s it&rsquo;s hard to get my thoughts together.  It&rsquo;s a good thing in this case, though, since it&rsquo;s my fantastic job that&rsquo;s taking all my time.  It&rsquo;s great to see new network and learn their internals&hellip;especially when they were designed by some long-time CCIEs who actually knew what they were doing.</p> <p>One of the big things that I&rsquo;m dealing with lately is VRFs.  I&rsquo;ve implemented some VRF-lite stuff, but I&rsquo;ve never had any practical experience with the full force of them.  I&rsquo;m definitely learning here.  Since the blog here is really about my sharing what I&rsquo;ve learned, let&rsquo;s go through something that came up recently - terminating VPNs on one VRF while passing traffic to another.</p> https://efb97021.aww-3cz.pages.dev/posts/2011/01/network-protocol-overhead/ Mon, 10 Jan 2011 00:00:00 +0000 https://efb97021.aww-3cz.pages.dev/posts/2011/01/network-protocol-overhead/ <p>Here are some packet overhead numbers for a few popular protocols to help with doing bandwidth requirement calculations.  This may be another add-as-we-go post, so please comment with additions or corrections.</p> <blockquote> <p>Ethernet : 20 bytes<br> Frame Relay : 4 - 6 bytes<br> PPP : 6 bytes<br> MLPPP: 10 bytes<br> MPLS : 4 bytes</p> </blockquote> <blockquote> <p>IP : 20 bytes</p> </blockquote> <blockquote> <p>TCP : 20+ bytes<br> UDP : 8 bytes<br> GRE:  4 - 20+ bytes</p> https://efb97021.aww-3cz.pages.dev/posts/2010/11/stubby-post-a-story-on-vpn-hardware-acceleration/ Mon, 01 Nov 2010 00:00:00 +0000 https://efb97021.aww-3cz.pages.dev/posts/2010/11/stubby-post-a-story-on-vpn-hardware-acceleration/ <p>We use a hosted application that requires IPSec tunnels to the provider from different properties across the country.  The ones in the lower 48 perform adequately, but the new one in Alaska is absolutely horrible. </p>