2008/523 IPsec session failover
Darren J Moffat
Darren.Moffat at sun.com
Mon Aug 18 02:07:20 PDT 2008
Thejaswini Singarajipura wrote:
>
>
> Darren J Moffat wrote:
>> I'm missing the bigger picture here, or failing to see where it is
>> covered in the materials.
>>
>> Can someone draw me a simple picture of a multi node cluster using
>> this showing which IKE the client connects to originally and where and
>> how the SADB's are passed between the nodes.
>
> Attached below is a diagram of a 2-node cluster and a brief description
> of how the client connections are handled.
>>
>> I think I understand how the failover happens with the switch from
>> IDLE to MATURE. The part I'm missing is how all the SC nodes get the
>> SADB entries in the first place and how that is done securely.
>
> The SADB is synchronized over SC private interconnects, which is a
> private LAN and is detached from all other network.
> Hence I do not think we add any more vulnerability by this project.
I thought that SC could be deployed in such away that the nodes were
physically quite far away from each other. How is that private
interconnect protected in that case ? While this might sound like I'm
asking about existing architecture of SC I don't believe that today
highly sensitive key material is passed over this "private" SC interconnect.
How do customers *really* deploy this ? Is it always true that only
cluster nodes are connected ? Are all the switches etc completely
private or can VLANing be used to support multiple clusters or make a
"private" interconnect over existing infrastructure ?
--
Darren J Moffat
More information about the opensolaris-arc
mailing list