Re: [IPsec] Issue #177. (was: HA/LS terminology)

Yoav Nir <> Thu, 25 March 2010 20:09 UTC

From: Yoav Nir <>
To: Dan Harkins <>
Date: Thu, 25 Mar 2010 22:09:45 +0200
Cc: Rodney Van Meter <>, "" <>, Melinda Shore <>

Hi Dan

I am not trying to create a complete taxonomy of cluster types. I should also note that we don't really have a term for a single "thing" that does IKE and IPsec. Our documents use terms like "gateway" and "peer", but "gateway" does not encompass VPN clients and hosts, and "peer" is not just any implementation, it's the *other* implementation. "Implementation" is a little too long.

Anyway, draft-ietf-ipsecme-ipsec-ha is not out to make a complete taxonomy of clusters. We only define what we need to discuss the problems. All the clusters that are of interest to us provide the ability for another member to take over the work of a failed member. Since this is common to all the clusters that we are considering, we don't need to define this specially. The only difference that matters is whether or not more than one member is handling traffic with the same peer at the same time.

So the only terminology that we need, the only taxonomy that we need, is for these two mutually-exclusive types of cluster:
- Only one member handles all traffic for a particular peer at the same time.
- Several members handle traffic for a particular peer at the same time.

That's all the terminology that we need.

So with that in mind, what terms would you suggest for these two types of cluster?