[116536] in North American Network Operators' Group
Re: DNS hardening, was Re: Dan Kaminsky
daemon@ATHENA.MIT.EDU (Ross Vandegrift)
Thu Aug 6 11:28:40 2009
From: Ross Vandegrift <ross@kallisti.us>
Date: Thu, 6 Aug 2009 11:26:05 -0400
To: Paul Vixie <vixie@isc.org>
In-Reply-To: <18285.1249571785@nsa.vix.com>
Cc: nanog@merit.edu
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Aug 06, 2009 at 03:16:25PM +0000, Paul Vixie wrote:
> > ...: "Do loadbalancers, or loadbalanced deployments, deal with this
> > properly?" (loadbalancers like F5, citrix, radware, cisco, etc...)
>
> as far as i know, no loadbalancer understands SCTP today. if they can be
> made to pass SCTP through unmodified and only do their enhanced L4 on UDP
> and TCP as they do now, all will be well. if not then a loadbalancer
> upgrade or removal will be nec'y for anyone who wants to deploy SCTP.
F5 BIG-IP 10.0 has support for load balancing SCTP. I have not tested
or implemented it. I do not know what feature parity exists with
other protocols. But at least it's documented and supported.
--
Ross Vandegrift
ross@kallisti.us
"If the fight gets hot, the songs get hotter. If the going gets tough,
the songs get tougher."
--Woody Guthrie
