On Fri, Aug 15, 2008 at 10:14:41AM +0100, Darren J Moffat wrote: > I'm missing the bigger picture here, or failing to see where it is covered > in the materials. > > Can someone draw me a simple picture of a multi node cluster using this > showing which IKE the client connects to originally and where and how the > SADB's are passed between the nodes.
SAs will be passed between the nodes via the Sun Cluster infrastructure. When clustering is enabled, various PF_KEY operations become cluster-wide ones. ADDs, GETSPIs, and UPDATEs affect all nodes in the cluster thanks to a combination of in-kernel hooks and augmentations of in.iked(1M) and ipseckey(1M). > I think I understand how the failover happens with the switch from IDLE to > MATURE. The part I'm missing is how all the SC nodes get the SADB entries > in the first place and how that is done securely. The cluster interconnect is a private LAN and is assumed to be detached from any other networks. This means, of course, if you compromise one node, you compromise them all, but clustering is all about redundancy and availabilty, not security, so I don't believe there are additional vulnerabilities being added by this project. > I assume the IKE DPD functionality is generally useful for non SC > deployments but is required by this case. Precisely! You'll have to ask Thejaswini for details beyond what I've mentoined. Dan
