Deployment / Re: Suggested deployment between two firewalled sites
« Last post by blazarov on May 09, 2018, 06:46:20 AM »
Hi,
By my calculations, the bandwidth-delay product for this particular link is > 750KB, so it definitely qualifies as an LFN as per RFC1072.
Aside from theory, real life shows the typical undesirable LFN effects, such as poor TCP performance, also very dependent on the endpoint OSes, hence the use case for WANOS.
Regarding PBR - what bothers me is the right-hand network. As you can see, all subnets are directly connected to the firewall, which acts as their default GW for the segment. The same firewall terminates the IPSec to the remote site, no hops in between. In this case I don't see any good PBR implementation, am I missing something?