[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: gethostby* users



On Sat, 2007-10-13 at 09:37 -0700, Ulrich Drepper wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Simo Sorce wrote:
> > What is the purpose of IPv4 address reordering ?
> 
> So that the most promising and possibly fastest/cheapest address is
> used.  Read RFC 3484.

Sorry, but this may make sense for IPv6, but you have no way to know
which IPv4 address is closer by it's value. Except for loopback, and
other 'link-local' address, even considering private addresses
'site-local' seem to be a stretch as they are often used for VPN, and
may well be much farther than a normal global scope one.

A simple example: say I have 2 sites with 2 replicated services, I want
to have a preference for people in one site to connect to their site
server.
Site A has public IP addresses for servers because you also offer
services to the outside and contains most clients (which instead use
private addresses).
Site B has private IP addresses for servers because it is a branch
office that has only intranet replicated service (clients also have
private addresses but on a different network).
You have 2 DNS servers with views, and the 2 sites are connected by a
relatively slow link.
On Site A you configure the DNS to return locally Site A (global scope)
addresses before Site B ones, that are used just as backup.
On Site B you configure the DNS to return locally Site B (site-local)
addresses before Site A ones.

Now if you reorder these addresses what happen is that the main site A
clients will always try to contact the branch office servers instead, as
they have 'site-local' ones.

Address reordering can therefore easily make it the worst route.

I know about RFC 3484 10.5, but consider that this is highly unexpected
behavior on sites that uses IPv4 only and have pre-existing
configurations.
Also configuring the policy tables of each client (not always possible
as glibc doesn't have a way to configure policy table in versions older
then a year or so) is a lot more effort than just configuring one single
DNS server, and impossible if you want to provide different
configurations depending on the server/protocol used.

Simo.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]