[Freeipa-devel] A new proposal for Location Based Discovery

Adam Tkac atkac at redhat.com
Tue Jan 22 16:46:01 UTC 2013


On Tue, Jan 22, 2013 at 11:19:30AM -0500, Simo Sorce wrote:
> On Tue, 2013-01-22 at 17:02 +0100, Adam Tkac wrote:
> > On Tue, Jan 22, 2013 at 10:25:21AM -0500, Simo Sorce wrote:
> > > On Tue, 2013-01-22 at 16:18 +0100, Adam Tkac wrote:
> > > > Before we start talking about using DNS for this purpose, have you considered
> > > > to use IP anycast for this? You can simply create multiple servers with same IP
> > > > address on different places over the world. After that you announce this IP
> > > > address from multiple places simultaneously via BGP and BGP automatically
> > > > routes all clients to the closest node. Advantage is that this is already
> > > > implemented, used and nothing has to be modified.
> > > > 
> > > > Regards, Adam
> > > > 
> > > We cannot assume our customers can influence or have access to change
> > > BGP routing, so I excluded multicast solutions from the get go.
> > > Also it requires more changes on the clients which is another heavy
> > > minus.
> > 
> > If I understand correctly, target customers of IPA are companies and they use
> > IPA to maintain resources in their internal networks, aren't they?
> > 
> > In this case I see two basic solutions how to solve the "location" issue.
> > 
> > 1. BGP routing between multiple internal networks
> 
> Sorry Adam, I do not want to be dismissive, and I know that in an ideal
> world this would be an awesome solution.
> 
> Just trust me that for most cases asking someone to change their network
> architecture is simply impossible.

This is definitely right.

However please read my previous post - I don't propose to change network
architecture. Do you know how to interconnect multiple networks without routers?
I don't. So routers are already present in customer's networks. It can be even
static routing, not BGP, and admin can simply set rule on router which physical
server clients should use.

> We have users telling us their network admins don't even want to change
> firewall configurations in some cases, so you can well see how they
> would respond to someone asking them to change their routing or enabling
> and using multicast.

I think it's the same amount of work to add a record to DNS or to add a record to the
static or dynamic routing tables.

> Sorry but it simply is not a solution we can consider. 

Why? Which setup cannot be achieved with routing configuration and can be achieved
with location information in DNS?

Regards, Adam

-- 
Adam Tkac, Red Hat, Inc.



