[IPsec] Issue #177. (was: HA/LS terminology)

Yoav Nir <ynir@checkpoint.com> Tue, 23 March 2010 21:20 UTC

Return-Path: <ynir@checkpoint.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 5000E3A6C89 for <ipsec@core3.amsl.com>; Tue, 23 Mar 2010 14:20:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.219
X-Spam-Status: No, score=-0.219 tagged_above=-999 required=5 tests=[AWL=-0.350, BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id Njz9bxHqP5yW for <ipsec@core3.amsl.com>; Tue, 23 Mar 2010 14:20:33 -0700 (PDT)
Received: from michael.checkpoint.com (michael.checkpoint.com []) by core3.amsl.com (Postfix) with ESMTP id 52C4C3A6C87 for <ipsec@ietf.org>; Tue, 23 Mar 2010 14:20:31 -0700 (PDT)
Received: from il-ex01.ad.checkpoint.com (il-ex01.checkpoint.com []) by michael.checkpoint.com (8.12.10+Sun/8.12.10) with ESMTP id o2NLKVsd004359; Tue, 23 Mar 2010 23:20:31 +0200 (IST)
X-CheckPoint: {4BA92FE8-0-1211DC2-2FFFF}
Received: from il-ex01.ad.checkpoint.com ([]) by il-ex01.ad.checkpoint.com ([]) with mapi; Tue, 23 Mar 2010 23:20:52 +0200
From: Yoav Nir <ynir@checkpoint.com>
To: Rodney Van Meter <rdv@sfc.wide.ad.jp>
Date: Tue, 23 Mar 2010 23:20:28 +0200
Thread-Topic: Issue #177. (was: HA/LS terminology)
Thread-Index: AcrKzrayy2IIP9LJTpuRJYqHtPnU4Q==
Message-ID: <1699285A-BDB7-40A6-BA58-5228AAE1133A@checkpoint.com>
References: <7EF09073-9D20-4077-A8DD-59B84B1732D0@sfc.wide.ad.jp> <7bc30fde97954c9f651eb436c822dab7.squirrel@webmail.arsc.edu> <118D7A1E-6090-4D71-9FEB-89AEB189CA94@sfc.wide.ad.jp>
In-Reply-To: <118D7A1E-6090-4D71-9FEB-89AEB189CA94@sfc.wide.ad.jp>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Melinda Shore <shore@arsc.edu>
Subject: [IPsec] Issue #177. (was: HA/LS terminology)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2010 21:20:35 -0000

And thank you for taking the time, Rod.

The linktionary has a pretty good definition, though I don't know if it counts as "textbook". Same for Wikipedia

Anyway, we need to limit the scope of this document. I think we're only interested in clusters that provide high-availability, that are, to use your terms, completely or partially transparent.

Also, while there could be clusters with m members, where n, such that 1<=n<=m, are active, for the purposes of the discussion it is enough to assume that we're dealing with two types of high-availability, mostly transparent clusters:
- Those where exactly one does IKE and IPsec, and the rest just synchronize state, and
- Those where more than one member are doing IKE and IPsec, all the time synchronizing state.

This taxonomy is needed, because some of the problems that affect one cluster type do not affect the other.

So I propose the following terms, and these are not for generic clusters providing generic services to the generic Internet, but only for the purposes of this work item in this working group.

- For the cluster with just one member doing IKE and IPsec, I propose "hot-standby cluster"
- For the cluster with several members doing IKE and IPsec, I propose to keep "load-sharing cluster"

Is this fine with everyone?


On Mar 23, 2010, at 1:51 PM, Rodney Van Meter wrote:

>> I think this is a really nice taxonomy and think it might be useful
>> to integrate it nearly as-is into the HA document.
> Go for it.  I can't promise more help (I'm in workload-shedding rather  
> than workload-accreting mode right now), but if it's useful, it was  
> worth an hour of my time to write up.
> There *must* be a standard textbook/reference on FT/HA, but I'm out of  
> date.
> 		--Rod