
Re: Host-based may be the way to go, but network controls are necessary



> However there are currently no routing knobs for a multi-homed site to
> control via which site-exit a packet should be forwarded based on the
> packet's source prefix (there are a hundred reasons why NAT is used
> today, and this is one of them).  This will result in unnecessary
> "misses" (which means delay, dead packets, IDS alarms, etc) during the
> connection setup of any host-based solution within a multi-homed site
> because of the current source address selection process.

It would be useful (at least for me) to understand the input and output
parameters to the policy control.

The most flexible one is to provide the list of possible destination addresses
and source addresses as input, and get as a result the desired combinations
(presumably ranked so that there is an indication of the fallback order 
when the 1st one doesn't work or fails).

But building solutions for that is likely to cause significant performance
overhead (at least for a host-based solution).
Thus I wonder if there are policy functions that could be good enough even
though they can only choose the source and the destination is given by the
host.

  Erik