Summary
In this chapter, you have seen it demonstrated that the IPSec peer-to-peer model has a significant impact on the support of enhanced applications such as VoIP and multicast. Also highlighted was the impact that encryption has on the QoS models used to prioritize these enhanced applications. Specifically, the use of the IP DSCP or precedence values was emphasized as the common denominator for queuing before encryption, between encryption peers, and after encryption. It is critical to use a consistent QoS classification model in the convergence of voice and data streams on a common IPSec topology. Fortunately, the IPSec peer model readily accommodates the point-to-point nature of VoIP communications. In contrast, the multicast communication paradigm does not conform to the IPSec peer model. Network architects must analyze the organization's application communication requirements and business requirements to select the appropriate IPSec paradigm and topology. In doing so, a number of trade-offs are made with regard to optimal topology, traffic management, capacity planning, and provisioning complexity. Many enterprises are turning to service provider solutions such as MPLS/VPN services in order to optimize their application deployment models, capacity planning, and traffic engineering. The final chapter steps through the relationship of IPSec VPN solutions in conjunction with other network-based VPN solutions such as MPLS VPNs. |
لطفا منتظر باشید ...
