Linode Forum
Linode Community Forums
Posted: Wed Aug 10, 2011 2:56 am

Joined: Wed Aug 10, 2011 2:42 am
Posts: 1
Website: http://factiondev.com
I think many customers would benefit from having an easy solution to secure inter-datacenter communications.

It would be nice to have a Linode-operated VPN service that allows you to set up a network between all of your Linodes across all datacenters (and maybe allow linking with locations outside of Linode, such as a work computer).

It would allow an additional layer of security because you could make SSH listen only on the VPN for login access and avoid attacks on SSH altogether.

It would also take quite a bit of complexity out of designing systems that require hosting in multiple facilities for redundancy.


Posted: Wed Aug 10, 2011 10:18 am
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
Setting up a VPN to do this yourself is pretty simple (this gets into the "managed vs unmanaged" thing, I think); I'd be more concerned about having to pay for bandwidth between datacenters.

It all boils down to the fact that Linode doesn't own their own network, it's provided by the datacenters they host in. So they don't have their own fibre (owned or leased) between the datacenters, which means they have to pay for any bandwidth between datacenters.


Posted: Thu Aug 11, 2011 6:21 pm
Senior Member

Joined: Mon Oct 27, 2008 10:24 am
Posts: 173
Website: http://www.worshiproot.com
IPv6 makes this _much_ easier.

It doesn't solve all your problems, obviously, and it's not available everywhere... But where it is available, it makes it much easier to blur the cross-datacenter lines.


Posted: Thu Aug 11, 2011 8:31 pm
Senior Member

Joined: Wed May 13, 2009 1:18 am
Posts: 681
IPv6 may add some other options, but I'm not sure how much it simplifies the basic architecture. You're still going to want border machines that own the cross-data center tunnel (otherwise it's not a secure private network), and you still need to manage address assignments to be routed over the internal connections. It's just as easy to use private IPv4 space (say 10.10.x.x for one DC and 10.11.x.x for the other) as it would be to use IPv6 space. I guess if you had enough machines to make using the private space hard it might help.

Unless you're assuming no tunnel and just direct traffic to all the nodes' public IPv6 pools (which I do agree IPv6 makes possible). But that relegates security on a per-protocol basis, and firewall maintenance on each node for any protocols being used. That has very different security characteristics than a true VPN between data centers, and I'd generally opt for the latter.

-- David
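
An added example, not part of any post in this thread: a small audit that combines the first post's idea (SSH listening only on the VPN) with the per-datacenter private address plan from the post above (10.10.x.x and 10.11.x.x), flagging SSH listeners bound outside that plan. The datacenter labels, the function names and the sample `ss -Hltn` lines are constructed for illustration.

```python
import ipaddress

# Address plan from the post above: one private /16 per data center.
# The "dc-a"/"dc-b" labels are assumptions.
DC_PLAN = {
    "dc-a": ipaddress.ip_network("10.10.0.0/16"),
    "dc-b": ipaddress.ip_network("10.11.0.0/16"),
}

# Constructed sample of `ss -Hltn` output (Linux iproute2), not from a real host.
SAMPLE_SS = """\
LISTEN 0 128 10.10.0.5:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 203.0.113.7:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

def split_hostport(field):
    """Split ss's 'addr:port' column; handles [v6]:port and '*' wildcards."""
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def classify(host):
    """Say where a bind address sits relative to the VPN address plan."""
    if host == "*":
        return "wildcard"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:
        return "wildcard"          # 0.0.0.0 or :: means every interface
    if addr.is_loopback:
        return "loopback"
    for dc, net in DC_PLAN.items():
        if addr.version == net.version and addr in net:
            return "vpn:" + dc
    return "outside-plan"

def exposed_listeners(ss_text, guarded_ports=(22,)):
    """Return (host, port, kind) for guarded ports not bound to VPN/loopback."""
    findings = []
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_hostport(cols[3])
        kind = classify(host)
        if port in guarded_ports and not kind.startswith(("vpn:", "loopback")):
            findings.append((host, port, kind))
    return findings

if __name__ == "__main__":
    for host, port, kind in exposed_listeners(SAMPLE_SS):
        print(f"port {port} bound to {host} ({kind}): reachable outside the VPN")
```

A wildcard bind is reported because it includes the public interface even when a VPN interface also exists; restricting sshd to the tunnel address is what removes it from the findings.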


 Post subject: bandwidth
Posted: Fri Aug 26, 2011 12:00 am
Junior Member

Joined: Tue Aug 16, 2011 7:58 pm
Posts: 25
I'm with guspaz: inter-DC bandwidth is what I think about: I'd like to look at multiple DC redundancy. Does anyone except SoftLayer waive inter-DC?

