Network performance testing is hard.

While Cisco and other incumbents seem to be busy playing a game of catch-up to market leader Palo Alto, I meanwhile still need solutions that aren't so intently focused on the enterprise.

The Challenge

Let's say a startup has hired me to design a data center network for their existing co-lo space that will be used to host all of their services.

One benefit of using VTI is that it does away with the painful requirement of configuring all of those joyless static crypto map access-lists, meaning you no longer have to manually maintain all possible local-to-remote prefix security associations.

The non-transitive nature also limits the design you can use even within that single region, since full connectivity between all of your VPCs would require a full mesh.

