James Carlson wrote:
> Darren Reed writes:
> > James Carlson wrote:
> > > This is a very, very common issue for UDP daemons. For example, it's
> > > an issue that affects DNS servers and RIP.
> >
> > Because with DNS we can tell clients to use address X, even if
> > the server can also receive packets on Y and Z. DNS clients
>
> Sure. But we can also tell clients to use Y and Z, and the server
> must respond sanely. That's the whole point. Multi-homing requires
> that you understand how to use the addresses you have. Forcing
> yourself to use just one means that you aren't really multi-homed.

Why do I need to accept packets addressed to a service for
each particular interface and not just one?

Just so I can say it is "multi-homed"?

What about when that design doesn't scale?

So I suppose what I'm wondering is why does IKE need to use
any (or every!) address available and not one of a few that
are preconfigured on the server?

> Because we're talking about multi-homed *servers*. The issue doesn't
> come up if you're not multi-homed.
>
> For example, suppose we have a server that has addresses on sixteen
> separate subnets, 10.0.0.0/24 through 10.0.15.0/24. There are local
> systems on each of those subnets, and the server doesn't forward
> between them (it's only a host).
>
> Why can't we provide service to all sixteen subnets with that one
> server? If what you're suggesting -- always using exactly one address
> on a server -- is viable, doesn't that mean that we force N-1 of the
> client networks to route packets?

Or even force all N of them to route packets and configure the server
to be on N+1. I don't see the "having to route packets" as a big issue.
Am I missing something?

> What if routing isn't actually
> allowed between those networks?

That's what firewalls are used for.

> What about applications that use
> link-local multicast (such as NTP and RIP)?

To the best of my knowledge, both of these protocols use multicast
addresses to supply information, not to do query-request operations.
NTP servers typically run as a multicast client that listens for the
announcements, a different mode of operation to that where it has
a server address configured (or at least that's my understanding.)

Darren
_______________________________________________
networking-discuss mailing list
[email protected]
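James's point that a multi-homed UDP daemon bound to the wildcard address must answer from whichever of its addresses the request was sent to (otherwise the client, or a stateful firewall between the subnets, sees a reply from an address it never talked to and drops it), shown as an added example that is not code from either poster: a Python service using the Linux IP_PKTINFO socket option to learn the destination address on receive and pin the source address on send. The port and the handler callback are assumptions.

```python
import socket
import struct

# Linux IP_PKTINFO; struct in_pktinfo is (int ifindex, in_addr spec_dst, in_addr addr).
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)

def make_pktinfo(ifindex, spec_dst, addr):
    """Build one IP_PKTINFO control message (also used to construct test input)."""
    info = struct.pack("=I4s4s", ifindex, socket.inet_aton(spec_dst), socket.inet_aton(addr))
    return [(socket.IPPROTO_IP, IP_PKTINFO, info)]

def pktinfo_local_addr(ancdata):
    """From recvmsg ancillary data, return (ifindex, destination address the
    datagram was sent to), or None if the kernel supplied no IP_PKTINFO."""
    for level, ctype, data in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            ifindex, _spec_dst, addr = struct.unpack("=I4s4s", data[:12])
            return ifindex, socket.inet_ntoa(addr)
    return None

def pktinfo_for_reply(local_addr):
    """Control message pinning the reply's source address to local_addr
    (the spec_dst field on send); ifindex 0 leaves interface choice to routing."""
    return make_pktinfo(0, local_addr, "0.0.0.0")

def serve(port, handler, max_datagrams=None):
    """Bind the wildcard address once, then answer every request from the
    address it was addressed to, so a client on any of the server's subnets
    (and any stateful firewall in between) sees a reply matching its request.
    handler(data, peer, local_addr) -> reply bytes is an assumed callback."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    sock.bind(("0.0.0.0", port))
    answered = 0
    while max_datagrams is None or answered < max_datagrams:
        data, ancdata, _flags, peer = sock.recvmsg(4096, socket.CMSG_SPACE(12))
        info = pktinfo_local_addr(ancdata)
        local = info[1] if info else None
        reply = handler(data, peer, local)
        # Without the control message the kernel picks a source address by
        # route, which on a multi-homed host is not necessarily the one asked.
        sock.sendmsg([reply], pktinfo_for_reply(local) if local else [], 0, peer)
        answered += 1
    sock.close()
    return answered
```

The same pattern applies to IPv6 with IPV6_RECVPKTINFO / IPV6_PKTINFO, and a daemon that instead binds one socket per configured address (Darren's preconfigured-address model) gets the source address right implicitly but must re-bind whenever addresses change.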