On Mar 23, 2010, at 6:05 PM, Dan Harkins wrote:
>
> Hi,
>
> "hot standby" implies a box sitting ("hot") twiddling its thumbs doing
> little but waiting for another box to fail ("standby"). It's the VRRP
> model.
And that's exactly what I want to describe. Well, not twiddling its thumbs. The
standby is synchronizing state with the active member, but it's not doing any
IKE or IPsec
>
> There is a HA model which supports dynamic load balancing as well as
> active session failover. Nodes in such a cluster are not "standby". They
> each have loads that they can shed and add to based upon some heuristic.
> A neat attribute of such a system is that an IPsec SA can be established
> on node A, move to node B after a while, and come back to A some time
> later without any actual node failure. State moves around to keep the
> cluster balanced.
Failure is just used as an example of why a certain SA failed over to another
member. It is by no means the only reason. Still, what you are describing is a
model that provides both high-availability and load balancing, and that is the
reason we're moving away from calling the first model "high availability".
>
> I would very much prefer "session failover" to "hot standby" and a
> mild preference of "load balancing" over "load sharing". An HA model
> doing VRRP could be termed "session failover" but the HA model described
> above really can't be called "hot standby". And load can be shared but
> just sharing a load can result in a mis-balanced cluster if sessions on
> one node terminate naturally and it sits doing little while another node
> whose sessions haven't terminated is huffing-and-puffing. Balancing can
> imply sharing but not vice versa.
"Session failover" sounds to me more like a description of an event than a type
of cluster.
>
> regards,
>
> Dan.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
