On Tue, Jan 22, 2013 at 10:25:21AM -0500, Simo Sorce wrote:
> On Tue, 2013-01-22 at 16:18 +0100, Adam Tkac wrote:
> > Before we start talking about using DNS for this purpose, have you
> > considered using IP anycast for this? You can simply create multiple
> > servers with the same IP address in different places over the world.
> > After that you announce this IP address from multiple places
> > simultaneously via BGP, and BGP automatically routes all clients to
> > the closest node. The advantage is that this is already implemented,
> > used, and nothing has to be modified.
> >
> > Regards, Adam
> >
>
> We cannot assume our customers can influence or have access to change
> BGP routing, so I excluded multicast solutions from the get go.
> Also it requires more changes on the clients which is another heavy
> minus.
If I understand correctly, the target customers of IPA are companies, and they use IPA to maintain resources in their internal networks, don't they? In this case I see two basic solutions to the "location" issue.

1. BGP routing between multiple internal networks

If a customer wants to interconnect multiple networks (for example networks in different offices) so that resources in network 1 are accessible from network 2, he must use some kind of routing. All traffic from network 1 must go through the border router and is accepted by the border router in network 2:

    network1 <-> router1 <-> router2 <-> network2

This can be extended to multiple offices, and all border routers will talk to each other. In this scenario the customer can specify a set of rules on each router and route traffic to services in specific locations. Please note that there is no need to announce anything to the Internet via BGP.

2. No routing between internal networks

In this case the networks aren't interconnected, so no routing is involved. "Location" discovery doesn't make sense here, because a machine in network 1 cannot access resources in network 2, so it will also use the closest service.

To summarize my idea: as long as services have the _same_ IP addresses in all cooperating IPA installations, which definitely makes sense, you don't need to use DNS for location, because the routing protocol will automatically pick the closest location. I don't see any reason for modifications on clients. Everything that will be modified is the routing rules on the border routers.

Please note that anycast != multicast.

Regards, Adam

-- 
Adam Tkac, Red Hat, Inc.

_______________________________________________
Freeipa-devel mailing list
Freeipaemail@example.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
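The anycast behaviour Adam describes (several sites originate the same service prefix into the internal routing domain, and each client network is carried to the nearest one purely by route selection) can be checked on a small model. The following is an added example written for this page, not code from the thread or from FreeIPA: the topology, the link costs, the site names and the prefix 10.99.0.0/24 are all constructed for illustration. Route selection is plain shortest-path over link costs, which is what an IGP such as OSPF, or BGP fed with IGP metrics, ends up doing; withdrawing one site's announcement shows the failover property with no change on the client side.

```python
"""Simulation of enterprise anycast route selection (added example).

Two hypothetical IPA sites announce the same prefix 10.99.0.0/24 into the
internal routing domain. Each client network is routed to whichever
announcing router has the lowest path cost, so clients never need to know
which site they are talking to; withdrawing a site's announcement moves
its clients to the next-nearest site automatically.
"""
import heapq

# Constructed topology: undirected links with IGP-style costs.
LINKS = {
    ("net1", "router1"): 1,
    ("router1", "router2"): 10,
    ("router2", "net2"): 1,
    ("router2", "router3"): 5,
    ("router3", "net3"): 1,
    ("router1", "router3"): 20,
}

ANYCAST_PREFIX = "10.99.0.0/24"  # hypothetical shared service prefix

# Which border routers originate the anycast prefix, and for which site.
ANNOUNCERS = {"router1": "site-A", "router3": "site-B"}


def build_graph(links):
    """Turn the link table into an adjacency map (both directions)."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def dijkstra(graph, src):
    """Shortest-path costs from src to every reachable node."""
    dist = {src: 0}
    pq = [(0, src)]
    while pq:
        d, u = heapq.heappop(pq)
        if d > dist.get(u, float("inf")):
            continue
        for v, cost in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                heapq.heappush(pq, (nd, v))
    return dist


def select_anycast_site(graph, client, announcers):
    """Return (site, cost) of the nearest router announcing the prefix.

    Ties are broken on router name so the choice is deterministic, as a
    real route selection would be. Raises LookupError when no announcer is
    reachable, i.e. the prefix is absent from the client's routing table.
    """
    dist = dijkstra(graph, client)
    reachable = [(dist[r], r) for r in announcers if r in dist]
    if not reachable:
        raise LookupError(f"{ANYCAST_PREFIX} unreachable from {client}")
    cost, router = min(reachable)
    return announcers[router], cost


def route_all(graph, clients, announcers):
    """Map every client network to the site it is routed to."""
    return {c: select_anycast_site(graph, c, announcers) for c in clients}


def demo():
    """Steady state, then site-B withdraws its announcement."""
    graph = build_graph(LINKS)
    clients = ["net1", "net2", "net3"]
    steady = route_all(graph, clients, ANNOUNCERS)
    withdrawn = {r: s for r, s in ANNOUNCERS.items() if s != "site-B"}
    after_failover = route_all(graph, clients, withdrawn)
    return {"steady": steady, "site_b_withdrawn": after_failover}


if __name__ == "__main__":
    for state, table in demo().items():
        print(state)
        for client, (site, cost) in table.items():
            print(f"  {client} -> {ANYCAST_PREFIX} via {site} (cost {cost})")
```

In steady state net1 lands on site-A and net2/net3 on site-B; once router3 stops announcing, net2 and net3 are carried to site-A over the remaining paths. One caveat that applies to this scheme in practice: a route change mid-session sends the next packets of a live TCP connection to a server that holds no state for it, so long-lived LDAP or Kerberos-over-TCP sessions are reset on failover rather than migrated, which clients must be prepared to retry.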