Re: US patent 5473599

["Constantine A. Murenin" <mureninc () gmail com>]

On 6 May 2014 18:51, Jared Mauch <jared () puck nether net> wrote:
> On May 6, 2014, at 9:11 PM, Constantine A. Murenin <mureninc () gmail com> wrote:
>
> > On 6 May 2014 15:17, David Conrad <drc () virtualized org> wrote:
> > > Constantine,
> > >
> > > On May 6, 2014, at 4:15 PM, Constantine A. Murenin <mureninc () gmail com> wrote:
> > > > Any complaints for Google using the https port 443 for SPDY?
> > >
> > > AFAIK, the use of SPDY does not preclude the use of HTTPS on the same network. The fact that in addition to the 
> > > OpenBSD developers choosing to use 112, they also chose to use the MAC addresses used for VRRP, thus making it 
> > > impossible to run both VRRP and CARP on the same network due to MAC address conflicts would suggest you might want 
> > > to pick a better analogy.
> >
> > Well, that's kinda the issue here -- the comparison with SPDY is
> > actually quite valid.  I haven't seen any facts that CARP actually
> > precludes you from using VRRP on your network, unless you use broken
> > VRRP/HSRP implementations (BTW, did you thank OpenBSD for forcing
> > Cisco to fix those?
>
> I'm certainly an advocate for fixing bugs in software.  If OpenBSD has decided to participate in the community vs 
> running off, I think you would have seen more "thanks" vs people being upset.  I've been involved in a number of 
> negative testing operations against router vendors that found defects.  Did you work closely with a CERT or the PSIRT 
> team?  If not, that may be the sign of what is going on here.
>
> > or would you rather retain an extra attack vector
> > for your routers?), or configure CARP and VRRP to use the same MAC
> > addresses through the same Virtual ID setting (user error), when
> > clearly a choice is available.  On the contrary, it's actually clearly
> > and unambiguously confirmed in this very thread that both could
> > coexist just fine:
> > http://mailman.nanog.org/pipermail/nanog/2014-April/066529.html .
>
> SPDY is sitting on the same well known port number but with a different protocol (udp vs tcp) so they can co-exist.  
> There isn't really a true collision in the fact that an application listening to a socket will get the wrong packet.  
> You either get SOCK_DGRAM or SOCK_STREAM.

SPDY does not use UDP, it uses TCP.  Check your facts.

CARP uses a VRRP version number that has not been defined by VRRP,
hence there is no conflict there, either.  The link from the quote
above has a quote from Henning.

> > So, then the only problem, perhaps, is that noone has apparently
> > bothered to explicitly document that both VRRP and CARP use
> > 00:00:5e:00:01:xx MAC addresses, and that the "xx" part comes from the
> > "Virtual Router IDentifier (VRID)" in VRRP and "virtual host ID
> > (VHID)" in CARP, providing a colliding namespace, so, one cannot run
> > both with the same Virtual ID on the same network segment.
>
> Or that CARP didn't get their OUI, ask for help from one of the vendors that supports *BSD for use of their space or 
> something else.

Politics.  Again, this is a non-issue for most users -- there's a very
easy, straightforward and complete workaround.

C.