Re: Enhanced SIIT
Thus spake "Brian E Carpenter" <brian.e.carpenter@gmail.com>
>> If the translation is stateless, there is no reason why the translator
>> would be a SPOF. You'd just deploy several of them, and packets would
>> flow through whichever one was up at any given time.
>
> But that fails miserably if the protocol in use is stateful in a way
> that needs stateful translation in the NAT devices.

That's the problem with _any_ stateful translation or firewalling. Any sort
of hard state in the network is fragile, which is why SIIT was defined to be
stateless, AIUI. If one wants to "enhance" SIIT by making it stateful,
don't use the same name because that's a fundamental violation of what SIIT
is -- it's even in its name.

> Think about NAPT for example. I don't see how that can fail over
> statelessly from one box to another.

That's not stateless translation. There _are_ stateful NAPT boxes that can
do failover because they share state, and that technology could be applied
to a stateful variant of SIIT if desired.
S
Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking
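
The failover argument in this message can be seen in a small model. The following is an added example, not part of the original thread: the translation prefix, addresses, ports and class names are constructed, the stateless mapping is a simplified embed-the-IPv4-address scheme rather than full SIIT header translation, and a shared dict stands in for state synchronisation between NAPT boxes.

```python
import ipaddress

PREFIX = ipaddress.IPv6Network("2001:db8:64::/96")  # constructed prefix (assumption)

class StatelessTranslator:
    """Maps IPv6 -> IPv4 purely from the address bits; holds no per-flow state."""
    def v6_to_v4(self, addr6):
        a = ipaddress.IPv6Address(addr6)
        if a not in PREFIX:
            raise ValueError(f"{addr6} is outside the translation prefix")
        return str(ipaddress.IPv4Address(int(a) & 0xFFFFFFFF))

class NaptBox:
    """Port translator: return traffic is deliverable only if a binding exists."""
    def __init__(self, public_ip, bindings=None):
        self.public_ip = public_ip
        # public port -> (inside ip, inside port): the hard state discussed above
        self.bindings = {} if bindings is None else bindings

    def outbound(self, src_ip, src_port):
        for port, inside in self.bindings.items():
            if inside == (src_ip, src_port):
                return self.public_ip, port
        port = 40000 + len(self.bindings)
        self.bindings[port] = (src_ip, src_port)
        return self.public_ip, port

    def inbound(self, dst_port):
        return self.bindings.get(dst_port)  # None: no binding, packet is dropped

def failover_demo():
    flow = ("10.0.0.5", 5555)  # constructed inside host and port
    # Stateless: two independent boxes give the same answer for the same packet.
    a, b = StatelessTranslator(), StatelessTranslator()
    stateless = (a.v6_to_v4("2001:db8:64::c000:221"), b.v6_to_v4("2001:db8:64::c000:221"))
    # NAPT without sharing: the backup never saw the flow, so replies are dropped.
    primary, backup = NaptBox("198.51.100.1"), NaptBox("198.51.100.1")
    _, port = primary.outbound(*flow)
    isolated = backup.inbound(port)
    # NAPT with a shared binding table (a dict standing in for state sync).
    shared = {}
    primary, backup = NaptBox("198.51.100.1", shared), NaptBox("198.51.100.1", shared)
    _, port = primary.outbound(*flow)
    synced = backup.inbound(port)
    return {"stateless": stateless, "isolated": isolated, "synced": synced}

if __name__ == "__main__":
    print(failover_demo())
```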