On Tue, 2009-05-19 at 15:56 +0200, Darren Reed wrote: > James Carlson wrote: > > Darren Reed writes: > > > >> James Carlson wrote: > >> > >>> This is a very, very common issue for UDP daemons. For example, it's > >>> an issue that affects DNS servers and RIP. > >>> > >> Because with DNS we can tell clients to use address X, even if > >> the server can also recieve packets on Y and Z. DNS clients > >> > > > > Sure. But we can also tell clients to use Y and Z, and the server > > must respond sanely. That's the whole point. Multi-homing requires > > that you understand how to use the addresses you have. Forcing > > yourself to use just one means that you aren't really multi-homed. > > > > Why do I need to accept packets addressed to a service for > each particular interface and not just one? > Just so I can say it is "multi-homed"? > What about when that design doesn't scale?
No, the presupposition is that the system is multi-homed, and that there are applications and services running on that system communicating using any number and combinations of local addresses. The IKE daemon's job is to do IPsec key negotiation on behalf of these applications and services. It wouldn't make sense to have a multi-homed system, but only support IPsec/IKE on one of its addresses, don't you think? -Seb _______________________________________________ networking-discuss mailing list [email protected]
