Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-08 Thread Dean Anderson
On Mon, 8 Oct 2007 [EMAIL PROTECTED] wrote: > > On Sun, 7 Oct 2007 [EMAIL PROTECTED] wrote: > > > >> > >> The diagram looks like: > >> > >> Ax Bx > >> || > >> Xa---Xb > >> || > >> LBa--LBb > >> \ / > >> B{1..n} (backend) servers 1 through N > >> > >> On Xa, the preferred path for

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-08 Thread briand
> On Sun, 7 Oct 2007 [EMAIL PROTECTED] wrote: > >> >> The diagram looks like: >> >> Ax Bx >> || >> Xa---Xb >> || >> LBa--LBb >> \ / >> B{1..n} (backend) servers 1 through N >> >> On Xa, the preferred path for S is -> LBa. >> On Xb, the preferred path for S is -> LBb. > > >> The lo

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-08 Thread Dean Anderson
On Sun, 7 Oct 2007 [EMAIL PROTECTED] wrote: > > The diagram looks like: > > Ax Bx > || > Xa---Xb > || > LBa--LBb > \ / > B{1..n} (backend) servers 1 through N > > On Xa, the preferred path for S is -> LBa. > On Xb, the preferred path for S is -> LBb. > The load balancers do

Reflector attacks draft (was: Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd))

2007-10-08 Thread Shane Kerr
Brian, [EMAIL PROTECTED] wrote: [ 194 lines of discussion about routing and anycasting, without a single reference to DNS reflectors, or indeed DNS at all! ] This is all very fascinating, but it seems to have drifted quite far from the draft in th

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-07 Thread briand
> On Sat, 6 Oct 2007, Brian Dickson wrote: > >> Consider the following set-up: >> >> A single prefix is announced by a single ASN, for each of which there >> is only one instance. (I.e. non-anycast.) >> >> The prefix is used solely for offering services that are front-ended >> by a stateful load-ba

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-07 Thread Dean Anderson
On Sat, 6 Oct 2007, Brian Dickson wrote: > Consider the following set-up: > > A single prefix is announced by a single ASN, for each of which there > is only one instance. (I.e. non-anycast.) > > The prefix is used solely for offering services that are front-ended > by a stateful load-balancer p

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-06 Thread Brian Dickson
Brian Dickson wrote: It operates in exactly the same way, as if there were two equal cost routes to two or more routers, each advertising the existence of one of these servers, on the other side of a PPLB router - except that it has the ability to handle the state issue for TCP. Anyone who ope

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-04 Thread Dean Anderson
On Thu, 4 Oct 2007, bill fumerola wrote: > > i just must be a fraud and liar, not to mention a "junior sysadmin". There's nothing wrong with being a junior admin. I was one once, too. I was a programmer before I was an admin, and I sort of became an admin because I screwed up. Well, this wasn't m

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-04 Thread Dean Anderson
On Thu, 4 Oct 2007, bill fumerola wrote: > On Wed, Oct 03, 2007 at 08:10:03PM -0400, Dean Anderson wrote: > > But none of this is relevant to the claims that Hickson made. > > no, but they're directly relevant to the claims that you made: > > >> direct server return aka one-arm load balancing do

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-04 Thread bill fumerola
On Wed, Oct 03, 2007 at 08:10:03PM -0400, Dean Anderson wrote: > But none of this is relevant to the claims that Hickson made. no, but they're directly relevant to the claims that you made: >> direct server return aka one-arm load balancing does no translation or >> rewrite of any headers (l3 or

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-04 Thread Dean Anderson
On Thu, 4 Oct 2007, Brian Dickson wrote: > bill fumerola wrote: > > not all load balancers work the same. > > direct server return aka one-arm load balancing does no translation or > > rewrite of any headers (l3 or l4). all it does is make a switching > > decision based on health check and other w

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread Brian Dickson
bill fumerola wrote: not all load balancers work the same. direct server return aka one-arm load balancing does no translation or rewrite of any headers (l3 or l4). all it does is make a switching decision based on health check and other weighting criteria. Just to clarify, for those who aren

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread Dean Anderson
On Wed, 3 Oct 2007, bill fumerola wrote: > On Wed, Oct 03, 2007 at 12:33:09PM -0400, Dean Anderson wrote: > > No, that isn't anycast. A loadbalancer is actually a stateful NAT with > > several different hosts behind the load balancing NAT. Those > > loadbalancer devices you buy from cisco and othe

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread bill fumerola
On Wed, Oct 03, 2007 at 12:33:09PM -0400, Dean Anderson wrote: > No, that isn't anycast. A loadbalancer is actually a stateful NAT with > several different hosts behind the load balancing NAT. Those > loadbalancer devices you buy from cisco and other companies are > specialized NAT boxes. The serv

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread Brian Dickson
Dean Anderson wrote: > On Wed, 3 Oct 2007, Brian Dickson wrote: > > >> Dean Anderson wrote: >> >>> The load balancer is really just a special kind of stateful NAT. >>> >>> >> No. >> >> Load balancers can load balance, without any translation being done at all. >> >> And a load bal

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread Andrew Sullivan
On Wed, Oct 03, 2007 at 12:33:09PM -0400, Dean Anderson wrote: > Then GROW considers an Anycast Draft, by your company. Just as a point of information, Afilias (in any of its guises -- Afilias Canada, Afilias USA, &c. &c.) has never written any Internet Draft. Afilias does employ people who ar

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread Joe Abley
This is highly tangential to dnsop in general and this draft in particular, but perhaps some clarity on the specific load balancing point is useful. On 3-Oct-2007, at 12:33, Dean Anderson wrote: On Wed, 3 Oct 2007, Brian Dickson wrote: Load balancers can load balance, without any translatio

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread Dean Anderson
On Tue, 2 Oct 2007, John Kristoff wrote: > On Tue, 2 Oct 2007 21:59:33 -0400 (EDT) > Dean Anderson <[EMAIL PROTECTED]> wrote: > > > In fact, using authority servers is _less_ risk to the abuser, because > > to compose the reflector attacks, s/he has to crack into a server, > > craft a record, >

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread Dean Anderson
On Wed, 3 Oct 2007, Brian Dickson wrote: > Dean Anderson wrote: > > The load balancer is really just a special kind of stateful NAT. > > > No. > > Load balancers can load balance, without any translation being done at all. > > And a load balancer is by definition doing *anycast*. The same add

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-03 Thread Sam Hartman
> "Dean" == Dean Anderson <[EMAIL PROTECTED]> writes: >> The fact that something else is a *bigger* risk, doesn't have >> any bearing on whether the first thing is a risk. Dean> Yes, it really does. Especially if the bad guy doesn't have Dean> to even change his source code t

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-02 Thread Brian Dickson
Dean Anderson wrote: The load balancer is really just a special kind of stateful NAT. No. Load balancers can load balance, without any translation being done at all. And a load balancer is by definition doing *anycast*. The same address is used as a destination, and the packets are delivere

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-02 Thread John Kristoff
On Tue, 2 Oct 2007 21:59:33 -0400 (EDT) Dean Anderson <[EMAIL PROTECTED]> wrote: > In fact, using authority servers is _less_ risk to the abuser, because > to compose the reflector attacks, s/he has to crack into a server, > craft a record, One can create a large record anywhere in the namespace.

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-02 Thread Dean Anderson
On Tue, 2 Oct 2007, Brian Dickson wrote: > Dean Anderson wrote: > > I think this may be of interest. It was offlist, so I won't identify > > the author I am responding to. > > > [Did you think to perhaps ask the author first? He/she may have been > willing to be identified...] The author is no

Re: [DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-02 Thread Brian Dickson
Dean Anderson wrote: I think this may be of interest. It was offlist, so I won't identify the author I am responding to. [Did you think to perhaps ask the author first? He/she may have been willing to be identified...] I. Harm only possible for EDNS0; Update RFC 2671 Instead The maximum no

[DNSOP] Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt (fwd)

2007-10-02 Thread Dean Anderson
I think this may be of interest. It was offlist, so I won't identify the author I am responding to. > [off-list] > > On Monday, September 24, 2007 06:25:49 PM -0400 Dean Anderson > <[EMAIL PROTECTED]> wrote: > > > > > I. Harm only possible for EDNS0; Update RFC 2671 Instead > > > > The max
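The two arguments running through this thread, that "one can create a large record anywhere in the namespace" and that the reflector harm is tied to EDNS0 (RFC 2671) because a server without it truncates UDP answers at 512 bytes, can be made concrete with a small model of the wire format. The following is an added illustration written for this archive page; it is not code from the draft, from any poster, or from any DNS implementation. It builds a query with and without an EDNS0 OPT pseudo-RR, reads back the advertised UDP payload size, and computes how many bytes a reflector would send back for a response of a given size. The query name example.com, the transaction ID, and the 3000-byte "large record" response length are constructed values; the model counts DNS payload only (no IP/UDP headers) and assumes the reflecting server honors the advertised size exactly.

```python
import struct

DNS_CLASS_IN = 1
TYPE_ANY = 255
TYPE_OPT = 41            # EDNS0 OPT pseudo-RR type (RFC 2671)
CLASSIC_UDP_LIMIT = 512  # UDP payload ceiling without EDNS0 (RFC 1035)


def encode_name(name):
    """Encode a dotted name in DNS wire format (length-prefixed labels, no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long: %r" % label)
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def build_query(qname, qtype=TYPE_ANY, txid=0x1234, edns_payload=None):
    """Build a DNS query; if edns_payload is given, append an EDNS0 OPT RR
    advertising that UDP payload size in the additional section."""
    flags = 0x0100  # QR=0, RD=1
    arcount = 1 if edns_payload is not None else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", qtype, DNS_CLASS_IN)
    msg = header + question
    if edns_payload is not None:
        # OPT RR: root name, TYPE=41, CLASS carries the sender's UDP payload size,
        # TTL carries extended RCODE/version/flags (all zero here), RDLENGTH=0.
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_payload, 0, 0)
    return msg


def _skip_name(msg, off):
    """Return the offset just past the name starting at off (handles a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def advertised_udp_size(msg):
    """Return the UDP payload size advertised by the message's OPT RR, or None if there is none."""
    _txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            return rclass
    return None


def reflected_udp_bytes(query, full_response_len):
    """DNS payload bytes a reflector returns over UDP for this query.
    Without EDNS0 the answer is truncated at 512 bytes (TC set); with EDNS0 the
    server may send up to the advertised size, with values below 512 treated as 512."""
    size = advertised_udp_size(query)
    limit = CLASSIC_UDP_LIMIT if size is None else max(size, CLASSIC_UDP_LIMIT)
    return min(full_response_len, limit)


def amplification(query, full_response_len):
    """Bytes returned per byte of query (spoofed source pays nothing, victim receives all of it)."""
    return reflected_udp_bytes(query, full_response_len) / len(query)


if __name__ == "__main__":
    # Constructed scenario: a 3000-byte answer for ANY example.com planted somewhere in the namespace.
    big_answer = 3000
    plain = build_query("example.com")
    edns = build_query("example.com", edns_payload=4096)
    for label, q in (("no EDNS0", plain), ("EDNS0/4096", edns)):
        print("%-11s query=%d bytes, reflected=%d bytes, amplification=%.1fx"
              % (label, len(q), reflected_udp_bytes(q, big_answer), amplification(q, big_answer)))
```

Run as a script it prints the two cases side by side: the 29-byte classic query draws at most 512 bytes back (about 17x), while the 40-byte EDNS0 query draws the full 3000 bytes (75x). That gap is the whole of the "harm only possible for EDNS0" argument; the counterpoint in the thread is that limiting the advertised size does not help when the attacker can simply pick or plant a record that fits, and that open recursive resolvers, not just authority servers, answer such queries for anyone.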