
RE: GSE



Noel,

>> Iljitsch van Beijnum wrote:
>> Doing it the MHAP way and replace the addresses in transit makes more
>> sense as it doesn't require changes to higher layers

> J. Noel Chiappa wrote:
> Umm, how does this differ from NAT? I guess the difference is that by
> the time the packet gets to the other end, the original source and
> destination addresses are back in it? So it's kind of invisible
> wrapping/unwrapping?

Yes, it's a simplified form of tunneling. Lots of advantages and one
drawback: the original destination address is not available en-route
should someone want to decapsulate the packet to figure it out for
whatever reasons. This could be solved by an extra header if necessary,
which I still have to see a good reason for.

> My concern about doing that is that now you've got state (those
> mappings) out in the network - more complex and less robust. Let
> the hosts manage it.

There is no state; a little like 6to4, automatic setup. There is some
local state maintained in individual routers for the sake of speed but
it's recreated on demand and none of the boxes are aware of the others.

MHAP is not like a stateful firewall, for example. In a stateful
firewall or NAT box, failover to a different device requires
synchronizing state; not MHAP. In a site with multiple egress points,
failure of the MHAP router at one of these points will reroute traffic
to another one as long as the IGP converges.

Michel.