IETF Logo Mail Archive

Re: [BEHAVE] proprietary implementation v.s standardisedprotocols//re: draft-xu-behave-nat-state-sync-00

Cameron Byrne <cb.list6@gmail.com> Wed, 02 December 2009 04:37 UTC

Return-Path: <cb.list6@gmail.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7665A3A67C2 for <behave@core3.amsl.com>; Tue, 1 Dec 2009 20:37:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.579
X-Spam-Level:
X-Spam-Status: No, score=-2.579 tagged_above=-999 required=5 tests=[AWL=0.020, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1-XV90GDEg9e for <behave@core3.amsl.com>; Tue, 1 Dec 2009 20:37:26 -0800 (PST)
Received: from mail-gx0-f228.google.com (mail-gx0-f228.google.com [209.85.217.228]) by core3.amsl.com (Postfix) with ESMTP id 3341A3A67AE for <behave@ietf.org>; Tue, 1 Dec 2009 20:37:15 -0800 (PST)
Received: by gxk28 with SMTP id 28so3038277gxk.9 for <behave@ietf.org>; Tue, 01 Dec 2009 20:37:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=evF2yLYaAMy2p+b3mMrreD1wUGkjXq1eEVXN5twf/go=; b=bOI3i5iTzCI0MPBK63SJT8cveFcUOBqdIDUNnhEc6Mk8iRrw9nhpgVYZs5PsSvYemD lE/D0wawD1qpzaQ969ayU6Ad3QGTKY/P0sz2/ED5jWs/SliWuWq08VgqeR9cxh4ou2MR nJ+j+oqljaFfcrFJK8/M1k54RRsTbqXQJ4k/A=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=lp3Pd7Ih1I5Mg5upspqATKMOkKLDJWRQQT9GaxAKJxncvVNLMF5q9rYATBum9iFr55 Q5D6qaKBdnRekQtq2nl11ylpArMa6xWzEdWbDKgk7FwjefYTeinyi6ZNHxjS1E73coao MBNqq3iTwvPpDpceJU78iNI2Dk/vEqB98GzM8=
MIME-Version: 1.0
Received: by 10.150.162.18 with SMTP id k18mr11421938ybe.155.1259728624858; Tue, 01 Dec 2009 20:37:04 -0800 (PST)
In-Reply-To: <000001ca72f4$1e1a30a0$c3f0200a@cisco.com>
References: <4B156B5C.7060800@viagenie.ca> <003401ca72f1$7d0d0310$d40c6f0a@china.huawei.com> <000001ca72f4$1e1a30a0$c3f0200a@cisco.com>
Date: Tue, 01 Dec 2009 20:37:04 -0800
Message-ID: <bcff0fba0912012037m3c24bbccyf6d9dde59299362d@mail.gmail.com>
From: Cameron Byrne <cb.list6@gmail.com>
To: Dan Wing <dwing@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: behave@ietf.org, Xu Xiaohu <xuxh@huawei.com>
Subject: Re: [BEHAVE] proprietary implementation v.s standardisedprotocols//re: draft-xu-behave-nat-state-sync-00
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2009 04:37:27 -0000

On Tue, Dec 1, 2009 at 6:06 PM, Dan Wing <dwing@cisco.com> wrote:
> ...
>> > * Cluster = A set of synchronized NAT64 boxes sharing a
>> > single Pref64::/n.
>>
>> Does that mean a set of NAT64 boxes within a cluster should
>> be from a single
>> vendor? If so, how to deal with the case that some abnormal
>> packets cause
>> NAT boxes (using the same OS) within a cluster to crash
>> simultaneously due to a bug with that OS?
>
> The vendor fixes the bug.
>

100% agree.  The counter to Xu Xiaohu's point is what happens when
vendor X sends a buggy sync update to vendor Y, and now vendor Y
crashes.... ok.  We traded one unlikely (but real) bad situation for
another unlikely but bad situation.


> The operational complexity of running two NATs, from two different vendors, is
> very high:  different CLIs, different alarming/alerting (e.g., SYSLOG, SNMP,
> per-session NAT logging), different features (e.g., IPsec Passthru, SCTP),
> different implementation of features (e.g., TCP MSS adjustment, fragmentation
> [timeouts?  how much memory dedicated to reassembly?  out-of-order packets
> supported?]), bandwidth and throughput (Mbps, pps),  make it too hard to
> operate both NATs.

100% agree.

>
> To my knowledge, sites do not run two different implementations of DNS servers
> (e.g., ISC BIND and InfoBlox, or Microsoft and Unbound) where both DNSs back
> up each other.  Like NAT, DNS needs to be rock-solid reliable, and a single
> packet could take out a DNS server.
>
> -d
>
> _______________________________________________
> Behave mailing list
> Behave@ietf.org
> https://www.ietf.org/mailman/listinfo/behave
>

v2.23.0 | Report a Bug | By Email