netdev
[Top] [All Lists]

Re: [1/2] CARP implementation. HA master's failover.

To: johnpol@xxxxxxxxxxx
Subject: Re: [1/2] CARP implementation. HA master's failover.
From: jamal <hadi@xxxxxxxxxx>
Date: 17 Jul 2004 08:47:34 -0400
Cc: netdev@xxxxxxxxxxx, netfilter-failover@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1089990401.6114.2843.camel@uganda>
Organization: jamalopolis
References: <1089898303.6114.859.camel@uganda> <1089898595.6114.866.camel@uganda> <1089902654.1029.23.camel@jzny.localdomain> <1089905244.6114.887.camel@uganda> <1089907622.1027.48.camel@jzny.localdomain> <1089910760.6114.967.camel@uganda> <1089912285.1028.93.camel@jzny.localdomain> <20040715235313.69897131@zanzibar.2ka.mipt.ru> <1089983064.1060.1328.camel@jzny.localdomain> <1089990401.6114.2843.camel@uganda>
Reply-to: hadi@xxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
On Fri, 2004-07-16 at 11:06, Evgeniy Polyakov wrote:
> On Fri, 2004-07-16 at 17:04, jamal wrote:
> 

[..]
> They do strong signed digest, but it does not have any kind of counter
> so i do not see replay attack prevention.

Ok, you are right. I do think that there are people who have run this
over IPSEC though. I could swear that the current linux based one does.
I wish we could get Alexander to comment on this discussion.

> 
> > > Can it be used over IPv6? (CARP also can't but it is _very_ easy to
> > > add, I just don't have IPv6 network setup to test).
> > 
> > Theres effort to have it do v6.
> > http://www.ietf.org/internet-drafts/draft-ietf-vrrp-ipv6-spec-06.txt
> > I agree its lame to have it as an after thought it seems
> 
> * VRRP for IPv6 does not currently include any type of authentication. *

Fine.

> I will draw one too.

ok, my resonse attached.

> For those who cares they are already done.

I was done 10 years ago. But theres a lot of fools around. 
MS targets the fools. 

> > > I have great confidence that Theo de Raadt will not include non
> > > patent-free code in OpenBSD.
> > 
> > I hope he is a lawyer or has some good lawyer advising him;->
> 
> He is an OpenBSD creator, so he is just a bit more paranoidal than
> others :)

I see ;-> 

cheers,
jamal

Attachment: carp.dig2
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>