IETF Logo Mail Archive

Re: [BEHAVE] proprietary implementation v.s standardisedprotocols//re: draft-xu-behave-nat-state-sync-00

"Dan Wing" <dwing@cisco.com> Wed, 02 December 2009 02:07 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7818828C10F for <behave@core3.amsl.com>; Tue, 1 Dec 2009 18:07:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.275
X-Spam-Level:
X-Spam-Status: No, score=-6.275 tagged_above=-999 required=5 tests=[AWL=0.324, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TpzY6QAXNQdL for <behave@core3.amsl.com>; Tue, 1 Dec 2009 18:07:25 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id 397483A69CE for <behave@ietf.org>; Tue, 1 Dec 2009 18:07:01 -0800 (PST)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApsEAM9aFUurRN+J/2dsb2JhbACKN7UlmCWEMQSBag
X-IronPort-AV: E=Sophos;i="4.47,325,1257120000"; d="scan'208";a="112460414"
Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-5.cisco.com with ESMTP; 02 Dec 2009 02:06:53 +0000
Received: from dwingwxp01 ([10.32.240.195]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id nB226rHd006882; Wed, 2 Dec 2009 02:06:53 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Xu Xiaohu' <xuxh@huawei.com>, 'Simon Perreault' <simon.perreault@viagenie.ca>
References: <4B156B5C.7060800@viagenie.ca> <003401ca72f1$7d0d0310$d40c6f0a@china.huawei.com>
Date: Tue, 01 Dec 2009 18:06:53 -0800
Message-ID: <000001ca72f4$1e1a30a0$c3f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-reply-to: <003401ca72f1$7d0d0310$d40c6f0a@china.huawei.com>
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
Thread-index: AcpyurY2ozKXvywbRSmGU3G+3rofaAANVYogAACgIiA=
Cc: behave@ietf.org
Subject: Re: [BEHAVE] proprietary implementation v.s standardisedprotocols//re: draft-xu-behave-nat-state-sync-00
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2009 02:07:27 -0000

... 
> > * Cluster = A set of synchronized NAT64 boxes sharing a 
> > single Pref64::/n.
> 
> Does that mean a set of NAT64 boxes within a cluster should 
> be from a single
> vendor? If so, how to deal with the case that some abnormal 
> packets cause
> NAT boxes (using the same OS) within a cluster to crash 
> simultaneously due to a bug with that OS?

The vendor fixes the bug.

The operational complexity of running two NATs, from two different vendors, is
very high:  different CLIs, different alarming/alerting (e.g., SYSLOG, SNMP,
per-session NAT logging), different features (e.g., IPsec Passthru, SCTP),
different implementation of features (e.g., TCP MSS adjustment, fragmentation
[timeouts?  how much memory dedicated to reassembly?  out-of-order packets
supported?]), bandwidth and throughput (Mbps, pps),  make it too hard to
operate both NATs.

To my knowledge, sites do not run two different implementations of DNS servers
(e.g., ISC BIND and InfoBlox, or Microsoft and Unbound) where both DNSs back
up each other.  Like NAT, DNS needs to be rock-solid reliable, and a single
packet could take out a DNS server.

-d

v2.23.0 | Report a Bug | By Email