nanog mailing list archives

Re: PRISM: NSA/FBI Internet data mining project

From: Ryan Malayter <malayter () gmail com>
Date: Sun, 9 Jun 2013 12:49:44 -0500



On Jun 9, 2013, at 7:20 AM, "R. Benjamin Kessler" <Ben.Kessler () zenetra com> wrote:

I see that there is actually a beast that will do encryption of multiple 10G waves between Cisco ONS boxes - 

https://www.cisco.com/en/US/prod/collateral/optical/ps5724/ps2006/at_a_glance_c45-728015.pdf

How many people are actually doing this?


Not sure why you would want the massive fail that is layer-2 DCI in the first place, but you certainly don't need this 
sort of ridiculously expensive gear.

Packet encryption is embarrassingly parallel when you have lots of flows, and best distributed throughout the 
infrastructure to many endpoints. One big expensive box is one big bottleneck and one big SPOF.

We actually use cluster-to-cluster and even host-to-host IPsec SAs in certain cases.

Current thread:

RE: PRISM: NSA/FBI Internet data mining project, (continued)
- - - RE: PRISM: NSA/FBI Internet data mining project Alex Rubenstein (Jun 07)
    - RE: PRISM: NSA/FBI Internet data mining project Adam Vitkovsky (Jun 10)
    - Re: PRISM: NSA/FBI Internet data mining project William Herrin (Jun 08)
    - Re: PRISM: NSA/FBI Internet data mining project James Harrison (Jun 08)
    - Re: PRISM: NSA/FBI Internet data mining project ku po (Jun 08)
    - Re: PRISM: NSA/FBI Internet data mining project ku po (Jun 08)
    - Re: PRISM: NSA/FBI Internet data mining project Jason L. Sparks (Jun 09)
    - RE: PRISM: NSA/FBI Internet data mining project Keith Medcalf (Jun 09)
    - Re: PRISM: NSA/FBI Internet data mining project Ryan Malayter (Jun 08)
    - RE: PRISM: NSA/FBI Internet data mining project R. Benjamin Kessler (Jun 09)
    - Re: PRISM: NSA/FBI Internet data mining project Ryan Malayter (Jun 09)
    - Re: PRISM: NSA/FBI Internet data mining project William Herrin (Jun 09)
    - Re: PRISM: NSA/FBI Internet data mining project Kauto Huopio (Jun 10)
    - Re: PRISM: NSA/FBI Internet data mining project Eugen Leitl (Jun 10)
  - Re: PRISM: NSA/FBI Internet data mining project Valdis . Kletnieks (Jun 06)
  - Re: PRISM: NSA/FBI Internet data mining project Matthew Petach (Jun 07)
    - Re: PRISM: NSA/FBI Internet data mining project Warren Bailey (Jun 07)
    - Re: PRISM: NSA/FBI Internet data mining project Michael Hallgren (Jun 07)
    - Re: PRISM: NSA/FBI Internet data mining project Paul Ferguson (Jun 07)
    - Re: PRISM: NSA/FBI Internet data mining project Mark Seiden (Jun 07)
    - Re: PRISM: NSA/FBI Internet data mining project Nick Khamis (Jun 07)

(Thread continues...)