[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: A new spin on multihoming: multihoming classes.
On Sun, 9 Sep 2001, Peter Tattam wrote:
> Umm.. There is a pathological situation where a DNS server within the site may
> not be accessible if that DNS server were only visible from a single address
> prefix. A secondary DNS might be visible at another address range but may not
> be for similar reasons as the primary netowrk fault.
This happens without multihoming too. The primary and secondary servers
should not both go down when there is a network problem.
> You could multi home the
> SOA & NS entries but it might complicate lookups - however you are implying
> this is not done.
I would just give the name server in a MAMH network two addresses, and
list both addresses in the delegating zone. That way, name service for a
dual-homed network with two name servers would be available from four
addresses. When an address is unreachable queries to that address will
time out and have to be tried again at another address. This adds a delay
to the process, which is not good but not so big a problem that we have
to attach any consequences to it, IMO.
> The site could be black holed from the DNS system if it were
> relying on a single homing their DNS servers, even if it were visible via other
> prefixes. It can be avoided by strategic placement of secondary servers, but
> in practice it might prove difficult.
Today, it is possible to multihome a server without any changes to any
protocol. This means giving the server addresses from ISP A and from ISP
B. This works. The problem is: what happens when one of them is down? This
problem can be fixed by trying different addresses until you find one that
works. Telnet does this, BIND does this. Another problem is: when
something goes down in the middle of a session, what do you do? This is
not a problem for the DNS, since it mostly uses single request/reply
transactions over UDP without keeping sessions active and it retries
everything so even with TCP it works out in the end.
What we're trying to do is not make multiple-address multihoming as such
possible: it already is. What we want is mechanisms to hide IP and lower
layer failures from the transport layer.
Iljitsch