yairamir at cnds.jhu.edu
Thu Jan 10 12:20:23 EST 2002
Can you educate me as to why you need Spread on your HOME network
between several segments crossing the Internet?
What is the use of Spread that a family could want?
That's a first for me :)
Mark Anacker wrote:
> >I understand how that works. It gets sent of an IP link... IPSEC
> >provides a secure IP layer. TCP/IP.. UDP/IP.. call it whatever suits
> >you. That is exactly what happens in my set up. I can do 100Mbs solid
> >between my VPNs (encrypted). They are dedicated hardware devices.
> >Their real IP addresses are firewalled so that they can only see each
> >other only are only visible to each other.
> >The latency involved when encrypting the packets and encapsulating in a
> >new IP frame is negligible compared the latency between my sites.
> Nice, but a bit expensive for my home networks.
> >Tunneling things over ssh is SLOW unless you have a hardware card
> >supported by openssl and utilize that. Besides, you machine is busy
> >doing other things and shouldn't be bogged down with encryption. Spread
> >is pretty CPU hungry when you start pushing heavy traffic.
> I've never noticed a performance problem with SSH, and I usually have
> sessions going at once. The firewall/proxy box *is* a dedicated Linux
> but I'll swamp the net bandwidth before I bog the machine down.
> >As for administrating yet another configuration... Your network admin
> >should be responsible for that. If you are the network admin -- its
> >your job ;-) Basically, my opinion is that you need a solution or you
> >don't. The IPSEC solution that I use is probably the most cost
> >effective solution for my needs. UDP and TCP have little bearing on the
> No, software design is my *job* - maintaining this network was supposed to
> a *hobby* :-) I've been a network admin, and believe me, the family is a
> more demanding user base than any bunch of cubicle dwellers. Not only do
> demand 24/7 support, but they know where I live :-)
> No, the reasons I wanted a TCP tunneling mechanism are:
> - it lets me cheaply, securely distribute spread segments
> - it's built into spread, so no extra stuff is required (apart from the
> tunneling mechanism)
> - it works on any platform spread does, including Windows, without OS
> I think I'll go wander through the code and see what I can come up with.
> Spread-users mailing list
> Spread-users at lists.spread.org
More information about the Spread-users