Re: A comment about RFC 3484 address selection
On Tue, Sep 25, 2007 at 03:21:09AM +0200, Kurt Roeckx wrote:
>
> There are 2 ways to look at this. One is from the point of people
> writing an application that connects to some server. The other is from
> people running the servers.
>
> There are dns server implementations that rotates the list of A-records,
> so that the load gets distributed over the servers. People setting up
> that software know that, and rely on the behaviour. They expect
> the client software to select a semi random IP address.
Nobody seems to have explained the different cases yet someone might
want to add several addresses to a hostname. So I'm going to try and
sum up what I think are the use cases for it, and how rule 9 affects it.
- You might want to set up several servers in the same network segment,
and all your clients are in the same segment too. For instance
you add 1.0.0.2 and 1.0.0.3. All clients are in 1.0.0.0/24.
In this case, there is no need for rule 9. It might result in
clients prefering one over another in some cases, but it's probably
not harmful.
- A simular case is that you have 2 segments, 1.0.0.0/24 and 1.0.1.0/24,
and you add a 1.0.0.2 and 1.0.1.2. Now you want clients to connect
to the one from it's own segment, and fall back to the other if it
fails.
In this case rule 9 might be useful. But I would rather see that this
fall under rule 2 and/or 8, and that such address would be considered
one with a site-local scope. It could potentially also fall under
rule 4. It's also something that can perfectly be configured in the
policy.
- You might want to have several server in the same network segment
but have your clients in an other network segment. For instance
the servers are in 1.0.0.0/24 and the clients in 1.0.1.0/24.
In this case rule 9 is not going to have any effect.
- Another example is that the servers are provided by different people,
and they're spread over the internet. There generally is no relation
between the clients and the servers.
This is the case were we have a problem with rule 9. It tries to
guess which network might be closer, and the guess doesn't really
make sense in alot of cases.
- A last case is that you set it up with global and a private
(site-local) address.
This is already covered by rule 2 and rule 8. I think in general
setting things up that way doesn't make much sense.
So my conclusion is that rule 9 as it is now is only useful in 1 case,
and that in that case either one of the other rules should be used
instead, or the local policy modified.
Kurt
Reply to: