> a follow up from the recent joold discussion: how would one run
> active-active NAT64 with jool? We would like to get rid of keepalived in
> our setup and so far we decided to statically assign the routing IPs to
> both routers.

	ss-enabled: true
	ss-flush-asap: true
	ss-flush-deadline: default is fine
	ss-capacity: default is fine
	ss-max-payload: <MTU of the link the translators are using to share traffic>

> What I'd assume joold could do is basically asking the other side, if it
> already has a session (if no entry is in the local table) and then
> create an entry on both sides, if there isn't.

The current implementation works the opposite way: Every time one of the translators updates a session, it multicasts this change to let the other translators know. There are no requests; only pushes.

Of course, this only works if this multicast traffic is reliably faster than the normal (translating) traffic. If the normal traffic is faster, all translators risk working with stale data.

I think the approach you're describing is somewhat more reliable, but also substantially slower and not completely free from synchronization issues. Suppose you have translators A and B, and both receive packets from a stream from N6 (port 1234) to N4 (port 80):

1. A receives the first packet of the N6#1234 -> 64:ff9b::N4#80 stream. A asks "Who has a session for this packet?"
2. B receives the second packet of the N6#1234 -> 64:ff9b::N4#80 stream. B asks "Who has a session for this packet?"
3. A responds "I don't."
4. B responds "I don't."
5. A creates session entry N6#1234 | 64:ff9b::N4#80 | A#5678 | N4#80
6. B creates session entry N6#1234 | 64:ff9b::N4#80 | A#9123 | N4#80

As you can see, we just created a conflict.

The way I see it, active-active session synchronization is an unsolvable problem, which is why I was honestly thinking about removing it.

On Tue, Dec 3, 2019 at 11:10 AM Nico Schottelius <[email protected]> wrote:
>
>
> Hello everyone,
>
> a follow up from the recent joold discussion: how would one run
> active-active NAT64 with jool? We would like to get rid of keepalived in
> our setup and so far we decided to statically assign the routing IPs to
> both routers.
>
> This way, if either of them goes down, the other one directly takes over
> the traffic.
>
> However, with NAT64, we will need to have the session table also
> synchronised at all times.
>
> What I'd assume joold could do is basically asking the other side, if it
> already has a session (if no entry is in the local table) and then
> create an entry on both sides, if there isn't.
>
> Is this something you have done already or is this a totally new topic
> in joold?
>
> Looking forward to hearing your opinions,
>
> Nico
>
>
>
> --
> Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
> _______________________________________________
> Jool-list mailing list
> [email protected]
> https://mail-lists.nic.mx/listas/listinfo/jool-list
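
The six-step interleaving from the reply above, replayed as a small Python model. This is an added example, not part of the original message and not Jool code. The Translator class, the schedule format and the shared pool4 address 192.0.2.1 are assumptions made for illustration; the ports are the ones used in the message.

```python
FLOW = ("N6", 1234, "64:ff9b::N4", 80)   # the stream from the message
POOL4 = "192.0.2.1"                      # constructed shared pool4 address

class Translator:                        # hypothetical model, not a Jool type
    def __init__(self, first_port):
        self.sessions = {}               # flow -> (pool4 address, port) mask
        self.next_port = first_port
        self.reply = None                # last answer received from the peer

    def answer(self, flow):
        """Reply to the peer's "who has a session?" from the local table."""
        return self.sessions.get(flow)

    def commit(self, flow):
        """Adopt the peer's mask if it reported one, else allocate our own."""
        mask = self.reply or (POOL4, self.next_port)
        self.sessions[flow] = mask
        return mask

def replay(schedule):
    """Run (actor, action) steps; return the mask each translator ends with."""
    t = {"A": Translator(5678), "B": Translator(9123)}
    peer = {"A": "B", "B": "A"}
    for actor, action in schedule:
        if action == "ask":              # packet arrived, no local entry
            t[actor].reply = None
        elif action == "answer":         # actor answers the peer's query
            t[peer[actor]].reply = t[actor].answer(FLOW)
        elif action == "create":
            t[actor].commit(FLOW)
    return t["A"].sessions.get(FLOW), t["B"].sessions.get(FLOW)

# Steps 1-6 in the order listed in the message.
RACE = [("A", "ask"), ("B", "ask"), ("A", "answer"), ("B", "answer"),
        ("A", "create"), ("B", "create")]
# Same protocol, but B's packet arrives only after A has finished.
SERIAL = [("A", "ask"), ("B", "answer"), ("A", "create"),
          ("B", "ask"), ("A", "answer"), ("B", "create")]

def conflict(schedule):
    """True when the two translators hold different masks for one flow."""
    a, b = replay(schedule)
    return a != b

if __name__ == "__main__":
    for name, sched in (("race", RACE), ("serial", SERIAL)):
        print(name, replay(sched), "conflict" if conflict(sched) else "consistent")
```

The request-based scheme only converges when one translator finishes its ask/answer/create round before the other starts, which the network does not guarantee.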
