[Freeipa-devel] A new proposal for Location Based Discovery

Simo Sorce simo at redhat.com
Wed Jan 23 00:33:53 UTC 2013


On Tue, 2013-01-22 at 17:46 +0100, Adam Tkac wrote:
> On Tue, Jan 22, 2013 at 11:19:30AM -0500, Simo Sorce wrote:
> > On Tue, 2013-01-22 at 17:02 +0100, Adam Tkac wrote:
> > > On Tue, Jan 22, 2013 at 10:25:21AM -0500, Simo Sorce wrote:
> > > > On Tue, 2013-01-22 at 16:18 +0100, Adam Tkac wrote:
> > > > > Before we start talking about using DNS for this purpose, have you
> > > > > considered using IP anycast for this? You can simply create multiple
> > > > > servers with the same IP address in different places over the world.
> > > > > After that you announce this IP address from multiple places
> > > > > simultaneously via BGP, and BGP automatically routes all clients to
> > > > > the closest node. The advantage is that this is already implemented,
> > > > > used, and nothing has to be modified.
> > > > > 
> > > > > Regards, Adam
> > > > > 
> > > > We cannot assume our customers can influence or have access to change
> > > > BGP routing, so I excluded multicast solutions from the get go.
> > > > Also it requires more changes on the clients which is another heavy
> > > > minus.
> > > 
> > > If I understand correctly, target customers of IPA are companies and they use
> > > IPA to maintain resources in their internal networks, aren't they?
> > > 
> > > In this case I see two basic solutions how to solve the "location" issue.
> > > 
> > > 1. BGP routing between multiple internal networks
> > 
> > Sorry Adam, I do not want to be dismissive, and I know that in an ideal
> > world this would be an awesome solution.
> > 
> > Just trust me that for most cases asking someone to change their network
> > architecture is simply impossible.
> 
> This is definitely right.
> 
> However please read my previous post - I don't propose to change network
> architecture. Do you know how to interconnect multiple networks without routers?
> I don't. So routers are already present in customers' networks. It can even be
> static routing, not BGP, and the admin can simply set a rule on the router for
> which physical server clients should use.
> 
> > We have users telling us their network admins don't even want change
> > firewall configurations in some cases, so you can well see how they
> > would respond to someone asking them to change their routing or enabling
> > and using multicast.
> 
> I think it's the same amount of work to add a record to DNS or to add a record to
> the static or dynamic routing tables.

Adding a record to a DNS server is quite different from changing routing
and starting routing multicast packets.

> > Sorry but it simply is not a solution we can consider. 
> 
> Why? Which setup cannot be achieved with routing configuration and can be achieved
> with location information in DNS?

Queries from clients behind a VPN that doesn't do multicast?

In general multicast cannot be assumed to be available/configured.

And it requires support in clients as well as services.

Also 'location' doesn't mean necessarily 'local'.

My client in NYC may be configured to be bound to servers in Boston for
whatever administrative reason. Boston is in no way local to me but is
my 'location'. How do you deliver that information in a schema like the
one you had in mind?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
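The point Simo makes at the end, that a client's administratively assigned location is distinct from whatever is topologically closest, is something DNS-based discovery can express and anycast routing cannot. The following is an added example, not code from FreeIPA or from anyone in this thread, of a client-side resolver that queries a location-scoped SRV name first and falls back to the unscoped name, ordering the answers by RFC 2782 priority and weight. The `<location>._locations.<domain>` naming scheme, the `example.com` hostnames, and the zone contents are all constructed assumptions for illustration; a real client would issue the queries to a DNS resolver instead of reading the in-memory table.

```python
"""Location-scoped SRV discovery with RFC 2782 ordering (added example, not FreeIPA code)."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone data. The naming scheme is an assumption made for this
# example: records under "<location>._locations.<domain>" are scoped to one
# administratively defined location, and the unscoped name is the global
# fallback. A NYC client whose location is "boston" is steered to Boston
# servers first, with a lower-priority NYC server as backup.
ZONE = {
    "_ldap._tcp.boston._locations.example.com": [
        SRV(0, 100, 389, "ipa1.boston.example.com"),
        SRV(0, 50, 389, "ipa2.boston.example.com"),
        SRV(10, 0, 389, "ipa1.nyc.example.com"),
    ],
    "_ldap._tcp.example.com": [
        SRV(0, 0, 389, "ipa1.boston.example.com"),
        SRV(0, 0, 389, "ipa1.nyc.example.com"),
        SRV(0, 0, 389, "ipa1.sfo.example.com"),
    ],
}


def lookup_srv(name, zone=ZONE):
    """Stand-in for a DNS SRV query against the constructed zone."""
    return list(zone.get(name.lower(), []))


def order_srv(records, rng):
    """Order SRV records per RFC 2782: ascending priority, and within one
    priority a weighted random selection (zero-weight records sorted first)."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            group.sort(key=lambda r: r.weight != 0)  # weight-0 entries first
            total = sum(r.weight for r in group)
            n = rng.randint(0, total)
            acc = 0
            for r in group:
                acc += r.weight
                if acc >= n:  # first record whose running sum reaches n
                    break
            ordered.append(r)
            group.remove(r)
    return ordered


def discover(service, domain, location=None, zone=ZONE, seed=None):
    """Resolve servers for `service`: location-scoped name first, then the
    unscoped fallback. Returns (name_that_answered, ordered_records)."""
    rng = random.Random(seed)
    candidates = []
    if location:
        candidates.append(f"_{service}._tcp.{location}._locations.{domain}")
    candidates.append(f"_{service}._tcp.{domain}")
    for name in candidates:
        records = lookup_srv(name, zone)
        if records:
            return name, order_srv(records, rng)
    return None, []


if __name__ == "__main__":
    name, recs = discover("ldap", "example.com", location="boston", seed=1)
    print(name)
    for r in recs:
        print(f"  prio={r.priority} weight={r.weight} {r.target}:{r.port}")
```

The fallback to the unscoped name is what keeps a client with an unknown or misconfigured location working; a client with no location at all simply gets the global answer. The location itself still has to reach the client somehow (the "schema" question in the message above); this example assumes it is a configured string on the client.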
