IPSec – A swiss army knife of kludges

When I started my journey in the technology sector back in the early 2000s, the world of networking consisted of simple structures. I remember configuring several standard branch sites that would connect to a central headquarters. Remote access was assigned to only a handful of road warriors, usually just a few high-ranking officials.

As the dependence on networking increased, so did the complexity of network designs. The standard single site became dual-homed, with redundant connectivity to different providers, and advanced failover techniques and high-availability designs became the norm. The number of remote workers increased, and eventually security holes began to open in my network design.

Unfortunately, the advances in network connectivity were not matched by appropriate advances in security, forcing everyone back to the drawing board. Network connectivity left at its defaults is completely insecure: it can neither validate the source of a packet nor protect the individual packets themselves. If you can't trust the network, you have to secure it some other way. We secured connections over untrusted mediums, which led to the implementation of IPSec-based VPNs along with all their complex baggage.

There are a variety of SD-WAN vendors offering traffic segmentation as their core service, but it can be implemented in several ways. Some build on basic IPSec, others move to Datagram Transport Layer Security (DTLS), and companies like Lavelle Networks use a proprietary tunneling mechanism as part of their feature set.
