[Spread-users] Tunnels

Yair Amir yairamir at cnds.jhu.edu
Thu Jan 10 12:20:23 EST 2002


Hi Mark,

Can you educate me as to why you need Spread on your HOME network
between several segments crossing the Internet?
What is the use of Spread that a family could want?

That's a first for me :)

	Cheers,

	:) Yair.

Mark Anacker wrote:
> 
> >I understand how that works.  It gets sent over an IP link... IPSEC
> >provides a secure IP layer.  TCP/IP.. UDP/IP.. call it whatever suits
> >you.  That is exactly what happens in my setup.  I can do 100Mbs solid
> >between my VPNs (encrypted).  They are dedicated hardware devices.
> >Their real IP addresses are firewalled so that they can only see each
> >other and are only visible to each other.
> 
> >The latency involved when encrypting the packets and encapsulating in a
> >new IP frame is negligible compared to the latency between my sites.
> 
> Nice, but a bit expensive for my home networks.
> 
> >Tunneling things over ssh is SLOW unless you have a hardware card
> >supported by openssl and utilize that.  Besides, your machine is busy
> >doing other things and shouldn't be bogged down with encryption. Spread
> >is pretty CPU hungry when you start pushing heavy traffic.
> 
> I've never noticed a performance problem with SSH, and I usually have
> several sessions going at once.  The firewall/proxy box *is* a dedicated
> Linux machine, but I'll swamp the net bandwidth before I bog the machine
> down.
> 
> >As for administrating yet another configuration...  Your network admin
> >should be responsible for that.  If you are the network admin -- it's
> >your job ;-)  Basically, my opinion is that you need a solution or you
> >don't.  The IPSEC solution that I use is probably the most cost
> >effective solution for my needs.  UDP and TCP have little bearing on the
> 
> No, software design is my *job* - maintaining this network was supposed
> to be a *hobby* :-)  I've been a network admin, and believe me, the
> family is a much more demanding user base than any bunch of cubicle
> dwellers.  Not only do they demand 24/7 support, but they know where I
> live :-)
> 
> No, the reasons I wanted a TCP tunneling mechanism are:
> 
> - it lets me cheaply, securely distribute spread segments
> - it's built into spread, so no extra stuff is required (apart from the
>   tunneling mechanism)
> - it works on any platform spread does, including Windows, without OS
>   modifications
> 
> I think I'll go wander through the code and see what I can come up with.
> 