On 6 May 2014 18:51, Jared Mauch <ja...@puck.nether.net> wrote:
>
> On May 6, 2014, at 9:11 PM, Constantine A. Murenin <muren...@gmail.com> wrote:
>
>> On 6 May 2014 15:17, David Conrad <d...@virtualized.org> wrote:
>>> Constantine,
>>>
>>> On May 6, 2014, at 4:15 PM, Constantine A. Murenin <muren...@gmail.com> 
>>> wrote:
>>>> Any complaints for Google using the https port 443 for SPDY?
>>>
>>> AFAIK, the use of SPDY does not preclude the use of HTTPS on the same 
>>> network. The fact that in addition to the OpenBSD developers choosing to 
>>> use 112, they also chose to use the MAC addresses used for VRRP, thus 
>>> making it impossible to run both VRRP and CARP on the same network due to 
>>> MAC address conflicts would suggest you might want to pick a better analogy.
>>
>> Well, that's kinda the issue here -- the comparison with SPDY is
>> actually quite valid.  I haven't seen any facts that CARP actually
>> precludes you from using VRRP on your network, unless you use broken
>> VRRP/HSRP implementations (BTW, did you thank OpenBSD for forcing
>> Cisco to fix those?
>
> I'm certainly an advocate for fixing bugs in software.  If OpenBSD has 
> decided to participate in the community vs running off, I think you would 
> have seen more "thanks" vs people being upset.  I've been involved in a 
> number of negative testing operations against router vendors that found 
> defects.  Did you work closely with a CERT or the PSIRT team?  If not, that 
> may be the sign of what is going on here.
>
>> or would you rather retain an extra attack vector
>> for your routers?), or configure CARP and VRRP to use the same MAC
>> addresses through the same Virtual ID setting (user error), when
>> clearly a choice is available.  On the contrary, it's actually clearly
>> and unambiguously confirmed in this very thread that both could
>> coexist just fine:
>> http://mailman.nanog.org/pipermail/nanog/2014-April/066529.html .
>
> SPDY is sitting on the same well known port number but with a different 
> protocol (udp vs tcp) so they can co-exist.  There isn't really a true 
> collision in the fact that an application listening to a socket will get the 
> wrong packet.  You either get SOCK_DGRAM or SOCK_STREAM.

SPDY does not use UDP, it uses TCP.  Check your facts.

CARP uses a VRRP version number that has not been defined by VRRP,
hence there is no conflict there, either.  The link from the quote
above has a quote from Henning.

>
>> So, then the only problem, perhaps, is that noone has apparently
>> bothered to explicitly document that both VRRP and CARP use
>> 00:00:5e:00:01:xx MAC addresses, and that the "xx" part comes from the
>> "Virtual Router IDentifier (VRID)" in VRRP and "virtual host ID
>> (VHID)" in CARP, providing a colliding namespace, so, one cannot run
>> both with the same Virtual ID on the same network segment.
>
> Or that CARP didn't get their OUI, ask for help from one of the vendors that 
> supports *BSD for use of their space or something else.

Politics.  Again, this is a non-issue for most users -- there's a very
easy, straightforward and complete workaround.

C.

Reply via email to