On Tue, Jan 22, 2013 at 07:33:53PM -0500, Simo Sorce wrote:
> On Tue, 2013-01-22 at 17:46 +0100, Adam Tkac wrote:
> > On Tue, Jan 22, 2013 at 11:19:30AM -0500, Simo Sorce wrote:
> > > On Tue, 2013-01-22 at 17:02 +0100, Adam Tkac wrote:
> > > > On Tue, Jan 22, 2013 at 10:25:21AM -0500, Simo Sorce wrote:
> > > > > On Tue, 2013-01-22 at 16:18 +0100, Adam Tkac wrote:
> > > > > > Before we start talking about using DNS for this purpose, have you
> > > > > > considered using IP anycast for this? You can simply create multiple
> > > > > > servers with same IP address on different places over the world.
> > > > > > After that you announce this IP address from multiple places
> > > > > > simultaneously via BGP and BGP automatically routes all clients to
> > > > > > the closest node. Advantage is that this is already implemented,
> > > > > > used and nothing has to be modified.
> > > > > >
> > > > > > Regards, Adam
> > > > >
> > > > > We cannot assume our customers can influence or have access to change
> > > > > BGP routing, so I excluded multicast solutions from the get go.
> > > > > Also it requires more changes on the clients which is another heavy
> > > > > minus.
> > > >
> > > > If I understand correctly, target customers of IPA are companies and
> > > > they use IPA to maintain resources in their internal networks, aren't
> > > > they?
> > > >
> > > > In this case I see two basic solutions how to solve the "location"
> > > > issue.
> > > >
> > > > 1. BGP routing between multiple internal networks
> > >
> > > Sorry Adam, I do not want to be dismissive, and I know that in an ideal
> > > world this would be an awesome solution.
> > >
> > > Just trust me that for most cases asking someone to change their network
> > > architecture is simply impossible.
> >
> > This is definitely right.
> >
> > However please read my previous post - I don't propose to change network
> > architecture.
> > Do you know how to interconnect multiple networks without routers?
> > I don't. So routers are already present in customer's networks. It can be
> > even static routing, not BGP, and admin can simply set rule on router which
> > physical server clients should use.
> >
> > > We have users telling us their network admins don't even want to change
> > > firewall configurations in some cases, so you can well see how they
> > > would respond to someone asking them to change their routing or enabling
> > > and using multicast.
> >
> > I think it's same amount of work to add record to DNS or to add record to
> > the static or dynamic routing tables.
>
> Adding a record to a DNS server is quite different from changing routing
> and starting routing multicast packets.

Please note anycast != multicast. Anycast is unicast so no multicast is involved.

> > > Sorry but it simply is not a solution we can consider.
> >
> > Why? Which setup cannot be achieved with routing configuration and can be
> > achieved with location information in DNS?
>
> Queries from clients behind a VPN that doesn't do multicast ?
>
> In general multicast cannot be assumed to be available/configured.
>
> And it requires support in clients as well as services.
>
> Also 'location' doesn't mean necessarily 'local'.
>
> My client in NYC may be configured to be bound to servers in Boston for
> whatever administrative reason. Boston is in no way local to me but is
> my 'location'. How do you deliver that information in a schema like the
> one you had in mind ?

This is not possible with my anycast proposal. Thanks for the explanation, I just
didn't imagine which schema cannot be configured on routing level and this is
the one.

Regards, Adam

--
Adam Tkac, Red Hat, Inc.