nanog mailing list archives

RE: 69/8...this sucks -- Centralizing filtering..


From: Michael.Dillon () radianz com
Date: Mon, 10 Mar 2003 18:02:42 +0000


What I really meant by single pt. of failure was... problems of losing the
filtering list if the central system is down... Granted, this would not
cause any network issues..

We know how to set up central authorities without central systems or 
obvious single points of failure. For instance, the DNS has a single root 
authority but there are 13 distributed servers publishing authoritative 
data. And not all of those servers are single systems. For some time now 
Vixie's root server has been at least two systems using his own FreeBSD 
kernel hack to handle load balancing and failover.

Also, people are beginning to realize that having a local cache of 
authoritative data is a wise thing and is not very difficult to do. That's 
why ISC is now offering a replica service for network operators to set up 
local copies of Vixie's F root server.

I would expect that the LDAP service for IP address range attributes would 
leverage all of this knowledge about architecture. LDAP may be a more 
versatile protocol than DNS but it is clearly from the same family tree of 
directory service protocols and there are no major roadblocks preventing 
it from being deployed in a sane fashion.

--Michael Dillon



