Members of SearchEnterpriseWAN.com ask IT professionals and experts alike about wide area networking technology at the IT Knowledge Exchange (ITKE) -- a special forum created for IT gurus like you to collaborate on enterprise technology questions and answers. Of the WAN questions that were asked and answered this year on the ITKE, the great majority had to do with IPv6 or virtual private networks (VPNs).
View the most-requested WAN questions with their respective answers in this top 10 in 2010 countdown:
WAN question No. 10 -- Layer 2 vs. Layer 3 links on your WAN: We are running Comcast fiber between sites. What are the best practices for using Layer 2 or Layer 3 across the WAN links? We currently use both. Are there security reasons for doing one versus the other?
Answer from ITKE blogger Yasirirfan: Layer 3 links are always better across the WAN. First and foremost, you can make sure the traffic is encrypted and secured. If you have multiple VLANs …
⇒ Continue reading about L2 vs. L3 on your WAN.
WAN question No. 9 -- Blocking Torrent applications to save bandwidth: I want to block Torrent applications like BitTorrent, uTorrent , LimeWire, etc. How can I accomplish this?
Answer from ITKE user Leeth: I have successfully used packet shapers in the past to do just this. There are free solutions …
⇒ Continue learning how to block Torrent applications to save bandwidth.
WAN question No. 8 -- How to purchase IPv6 addresses: How does the IPv6 addressing purchasing process work? I heard that ARIN gives enterprises IPv6 addresses for free, but is this true, and what are the conditions?
Answer from IPv6 expert Silvia Hagen: The place to go to for getting IPv6 addresses is your ISP. They will assign a block to you out of their range. However, for very large global companies …
⇒ Finish reading the answer to the question "Can I buy an IPv6 address?"
WAN question No. 7 -- Getting IPv4-mapped IPv6 addresses: Can someone explain exactly what an IPv4-mapped IPv6 address is and how it is possible to map IPv4 addresses to IPv6 addresses? Is there some kind of program/software/service that can do this for you?
Answer from ITKE featured member Technochic: This can be done by a translator …
⇒ Learn more about getting IPv4-mapped IPv6 addresses.
WAN question No. 6 -- Leased line vs. MPLS connectivity: What is the difference between leased line and MPLS for Intranet connectivity? Which one is more reliable and robust?
Answer from ITKE community manager EmNichs: Both of these technologies provide WAN connectivity. The main difference between leased lines -- such as point-to-point connections -- and MPLS …
⇒ Find out the difference between leased line and MPLS connectivity in this answer.
WAN question No. 5 -- Creating an IPsec
tunnel to a Cisco ASA 5520: I have a 3G WIC card (HWIC-3G-GSM) in a Cisco 1841 and need to
create an IPsec tunnel to a Cisco ASA 5520 firewall. If both peers used static IPs, then creating a
site-to-site (S2S) tunnel would be relatively easy. However, my 3G provider uses dynamic
addressing, which means my Cisco ASA must use aggressive mode, and this impacts PCI compliance. Is
there a workaround to set up an S2S IPsec VPN tunnel?
Answer from ITKE user OrangeNewbi: I have spoken directly to a Vodafone engineer that has set this up a couple of times. The 3G data connection is a connection into Vodafone's network and then this is broken out onto the internet via NAT, IPS-ID, content caching and content filtering. …
⇒ Read the full question and answer on creating an S2S VPN when the 3G card uses DHCP and not static IPs.
WAN question No. 4 -- Cisco 2811 router IPv6 configuration: How do I configure IPv6 on Fast Ethernet via the serial interface of a Cisco 2811 Integrated Services Router?
Answer from ITKE community manager EmNichs: The first step is to enable IPv6 on the router, since the default has it turned off (Router(config)#ipv6 unicast-routing). Next, enable Cisco CEF …
⇒ Read the rest of the configuration in the response to Cisco router IPv6 configuration.
WAN question No. 3 -- SSL VPN vs. SSTP VPNs: What's the difference between an SSL VPN and an SSTP VPN? Is the connection the same or is an SSL VPN more secure than an SSTP VPN?
Answer from ITKE moderator Carlosdl: An SSTP VPN (from Microsoft) is a form of an SSL VPN.
⇒ Learn more about SSL and SSTP VPNs.
WAN question No. 2 -- What is Port 443? I am setting up a Web SSL VPN for remote access across my WAN. Can someone explain why SSL VPNs use Port 443?
Answer from ITKE user DonMaslanka: TCP Port 443 is the standard TCP port that is used for websites, which use SSL. When you go to a website that uses https at the beginning, you are connecting to port 443. You should not use a different port number, because …
⇒ Finish reading about what Port 433 is.
WAN question No. 1 -- IPv6 CIDR notation: I've found lots of info on IPv4 whilst IPv6 is scarce. Can you explain IPv6 CIDR notation and how it is applied?
Answer from IPv6 expert Silvia Hagen: In short, the notation works exactly the same as with IPv4, which means if you have a /48 …
⇒ Continue reading the No. 1 answer in the top 10 of 2010 WAN questions: IPv6 CIDR notation.
For other top WAN content of 2010 view these articles:
- Top WAN news 2010: Application, cloud performance now part of the job
- 2010 year in review: Top WAN feature stories
- Top 10 tips in 2010 on wide area network technology
This was first published in December 2010