Hi Yoav,

> I have noticed that StrongSwan is [not] implementing clustering.

Starting with the recently released 4.4.0, we provide an experimental clustering feature. Using the terms from the draft, it is a "Tight Completely Transparent Load Sharing Cluster". Most work has been done before the HA discussion started on the list, more details are available at [1].

> Have you had a chance to read it?

Yes.

> If so, I would very much appreciate it, if you could send a short
> review to the list.

The terminology is very useful. I used the term "node" for a single box in the cluster, but "member" is even better.

For "Outbound SA Counters", we use an approach to "count, but not encrypt" the packets on the passive members. And our "Inbound SA Counters" are updated by verifying a packet from time to time. This approach has some requirements for the cluster setup and some problems not trivial to handle. So I'm not sure if we should mention it in the draft.

> Mainly, they want to know if the document is ready, or whether there
> are some issues that are not yet covered there.

I think the draft is good to go. It provides a good overview and states the problems that need to be addressed.

Best regards
Martin

[1] http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec