[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PRISM: NSA/FBI Internet data mining project

Subject: PRISM: NSA/FBI Internet data mining project
From: malayter at gmail.com (Ryan Malayter)
Date: Sun, 9 Jun 2013 12:49:44 -0500
In-reply-to: <0CFF54003CD92945994CF0C0F90D81B6014EFB9F@EXCH1-FWA1.zenetra.local>
References: <[email protected]> <CAEmG1=omDK8eah3Vbg=7QqsfdCrdPbm8oHBCCFDRbXrRS+ZpLg@mail.gmail.com> <[email protected]> <CAJL_ZMOh93ov52O2rVCdPCEhhtWH49oy4gaPvK6Eqz4S2WAzkw@mail.gmail.com> <[email protected]> <[email protected]> <CABL6YZTGVEdcdun2MPRa6VeZa91vu5XvJpzMXzQt2NYq6BWjdQ@mail.gmail.com> <[email protected]> <0CFF54003CD92945994CF0C0F90D81B6014EFB9F@EXCH1-FWA1.zenetra.local>

On Jun 9, 2013, at 7:20 AM, "R. Benjamin Kessler" <Ben.Kessler at zenetra.com> wrote: 
> I see that there is actually a beast that will do encryption of multiple 10G waves between Cisco ONS boxes - 
> 
> https://www.cisco.com/en/US/prod/collateral/optical/ps5724/ps2006/at_a_glance_c45-728015.pdf
> 
> How many people are actually doing this?

Not sure why you would want the massive fail that is layer-2 DCI in the first place, but you certainly don't need this sort of ridiculously expensive gear.

Packet encryption is embarrassingly parallel when you have lots of flows, and best distributed throughout the infrastructure to many endpoints. One big expensive box is one big bottleneck and one big SPOF.

We actually use cluster-to-cluster and even host-to-host IPsec SAs in certain cases.

References:
- PRISM: NSA/FBI Internet data mining project
  - From: jra at baylink.com (Jay Ashworth)
- PRISM: NSA/FBI Internet data mining project
  - From: mpetach at netflight.com (Matthew Petach)
- PRISM: NSA/FBI Internet data mining project
  - From: goemon at anime.net (goemon at anime.net)
- PRISM: NSA/FBI Internet data mining project
  - From: deleskie at gmail.com (jim deleskie)
- PRISM: NSA/FBI Internet data mining project
  - From: bicknell at ufp.org (Leo Bicknell)
- PRISM: NSA/FBI Internet data mining project
  - From: mis at seiden.com (Mark Seiden)
- PRISM: NSA/FBI Internet data mining project
  - From: j at arpa.com (jamie rishaw)
- PRISM: NSA/FBI Internet data mining project
  - From: malayter at gmail.com (Ryan Malayter)
- PRISM: NSA/FBI Internet data mining project
  - From: Ben.Kessler at zenetra.com (R. Benjamin Kessler)

Prev by Date: Prism continued
Next by Date: OC3/STM-1 Line Card
Previous by thread: PRISM: NSA/FBI Internet data mining project
Next by thread: PRISM: NSA/FBI Internet data mining project
Index(es):
- Date
- Thread