[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Headers
marcelo bagnulo wrote:
...
> > I would rather have the firewalls take part in the session
> > establishment procedure.
>
> Wouldn't this preclude fault tolerance? I mean what happens if this path
> is broken and the communication is re-routed through another firewall? I
> mean this would introduce some of the issues of NAT.
Correct, or more generally the issues of any stateful middlebox.
The Internet doesn't have sessions, so middleboxes shouldn't
have session state.
However, it seems likely that any solution will involve either
a header rewrite or an encapsulation process. It is a design
requirement that any distributed state needed for this is soft
state, for the reasom Marcelo gives.
Brian
- Follow-Ups:
- Re: Headers
- From: Iljitsch van Beijnum <iljitsch@muada.com>
- References:
- Headers
- From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: Headers
- From: marcelo bagnulo <marcelo@it.uc3m.es>