Darren J Moffat wrote: > I'm missing the bigger picture here, or failing to see where it is > covered in the materials. > > Can someone draw me a simple picture of a multi node cluster using > this showing which IKE the client connects to originally and where and > how the SADB's are passed between the nodes.
Attached below is a diagram of a 2-node cluster and a brief description of how the client connections are handled. > > I think I understand how the failover happens with the switch from > IDLE to MATURE. The part I'm missing is how all the SC nodes get the > SADB entries in the first place and how that is done securely. The SADB is synchronized over SC private interconnects, which is a private LAN and is detached from all other network. Hence I do not think we add any more vulnerability by this project. > > I assume the IKE DPD functionality is generally useful for non SC > deployments but is required by this case. Yes. Regards, Thejaswini > > -- > Darren J Moffat > -------------- next part -------------- A non-text attachment was scrubbed... Name: cluster_overview.pdf Type: application/pdf Size: 53507 bytes Desc: not available URL: <http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20080818/33a6c890/attachment.pdf>
