Re: [IPsec] Issue #177

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 13 April 2010 13:43 UTC

From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
Cc: "ipsec@ietf.org WG" <ipsec@ietf.org>

[snip]
> >>   "Failover" is the event where one member takes over some load from
> >>   some other member.  In a hot standby cluster, this happens when a
> >>   standby member becomes active due to a failure of the former active
> >>   member, or because of an administrator command.  In a load sharing
> >>   cluster this usually happens because of a failure of one of the
> >>   members, but certain load-balancing technologies may allow a
> >>   particular load (an SA) to move from one member to another to even
> >>   out the load, even without any failures.
> > 
> > The parenthetical "an SA" implies that SAs are never shared between
> > members. I suggest that the initial definition of "cluster" mention
> > whether we expect IKE and IPsec SAs to be shared between members.
> 
> That is not part of terminology. It's mentioned in section 3. How about I change the parenthetical remark to "such as all the flows associated with a particular SA" ?

OK, with a nit: "such as all the flows associated with a particular IKE
SA".

> 
> >>   "Loose Cluster" is a cluster where each member has a different IP
> >>   address.  Peers find the correct member using some method such as DNS
> >>   queries or [REDIRECT].
> > 
> > Upon failure, members' IP addresses are reallocated to other members.
> 
> They are?
> 
> 
OK, not necessarily (but it's one reasonable way to reduce the fail-over
time): Upon failure, members' IP addresses may be reallocated to other
members.