Date:	Wed, 04 Dec 2013 13:15:44 -0500
From:	Vlad Yasevich <vyasevich@...il.com>
To:	Sun Paul <paulrbk@...il.com>,
	David Laight <David.Laight@...lab.com>
CC:	netdev@...r.kernel.org, linux-sctp@...r.kernel.org,
	Karl Heiss <kheiss@...il.com>,
	Neil Horman <nhorman@...driver.com>,
	linux-kernel@...r.kernel.org
Subject: Re: Supporting 4 way connections in LKSCTP

On 12/04/2013 12:57 PM, Sun Paul wrote:
> As I know, the A to C and A to D case must have a router in between to form
> SCTP multihome topology.

Not necessary.  I've produced proper multihoming topologies with just
VLANs and different subnet assignment.  You can even remove VLANs
if you correctly set your arp_ignore and arp_announce values.

-vlad

> On Dec 4, 2013 10:51 PM, "David Laight" <David.Laight@...lab.com> wrote:
> 
>>>> In normal operation, IP-A sends INIT to IP-X, IP-X returns INIT_ACK to
>>>> IP-A. IP-A then sends HB to IP-X, IP-X then returns HB_ACK to IP-A. In
>>>> the meantime, IP-B sends HB to IP-Y and IP-Y returns HB_ACK.
>>>>
>>>> In case the path between IP-A and IP-X is broken, IP-B sends INIT
>>>> to IP-X, NODE-B uses IP-Y to return INIT_ACK to IP-B. Then IP-B sends
>>>> HB to IP-X, and IP-Y returns HB_ACK to IP-B. In the meantime, the HB
>>>> communication between IP-B and IP-Y follows the normal flow.
>>>>
>>>> Can I confirm, is it really valid?
>>>
>>> As long as NODE-B knows about both IP-A and IP-B, and NODE-A knows about
>>> both IP-X and IP-Y (meaning all the addresses were exchanged inside INIT
>>> and INIT-ACK), then this situation is perfectly valid.  In fact, this
>>> has been tested at multiple interops.
>>
>> There are some network configurations that do cause problems.
>> Consider 4 systems with 3 LAN segments:
>> A) 10.10.10.1 on LAN X and 192.168.1.1 on LAN Y.
>> B) 10.10.10.2 on LAN X and 192.168.1.2 on LAN Y.
>> C) 10.10.10.3 on LAN X.
>> D) 10.10.10.4 on LAN X and 192.168.1.2 on LAN Z.
>> There are no routers between the networks (and none of the systems
>> are running IP forwarding).
>>
>> If A connects to B everything is fine - traffic can use either LAN.
>>
>> Connections from A to C are problematic if C tries to send anything
>> (except a HB) to 192.168.1.1 before receiving a HB response.
>> One of the SCTP stacks we've used did send messages to an
>> inappropriate address, but I've forgotten which one.
>>
>> Connections between A and D fail unless the HB errors A receives
>> for 192.168.1.2 are ignored.
>>
>> Of course the application could explicitly bind to only the 10.x address
>> but that requires the application know the exact network topology
>> and may be difficult for incoming calls.
>>
>>         David
>>
>>
> 
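
The three cases in David Laight's quoted topology (A to B, A to C, A to D), modeled as an added example that is not part of the original message: each peer address is classified by whether the local host has a connected route to it and whether that route lands on the peer's LAN segment. The /24 prefix length, the status strings and the function names are assumptions; the thread gives no netmasks.

```python
import ipaddress

PREFIX = 24  # assumption: the thread gives no netmasks

# (address, LAN segment) per host, copied from the quoted topology
HOSTS = {
    "A": [("10.10.10.1", "X"), ("192.168.1.1", "Y")],
    "B": [("10.10.10.2", "X"), ("192.168.1.2", "Y")],
    "C": [("10.10.10.3", "X")],
    "D": [("10.10.10.4", "X"), ("192.168.1.2", "Z")],
}


def classify_path(src_host, dst_host, dst_addr):
    """What happens when src_host sends to dst_addr, an address of dst_host.

    No routers and no IP forwarding: only on-link (connected) routes exist.
    """
    dst = ipaddress.ip_address(dst_addr)
    dst_lan = dict(HOSTS[dst_host])[dst_addr]
    # Segments src_host would transmit on: interfaces whose subnet covers dst
    out_lans = [
        lan for addr, lan in HOSTS[src_host]
        if dst in ipaddress.ip_network(f"{addr}/{PREFIX}", strict=False)
    ]
    if not out_lans:
        return "no route"
    if dst_lan in out_lans:
        return "reachable"
    # A connected route exists, but the peer's interface is on another segment.
    for other, ifaces in HOSTS.items():
        if other not in (src_host, dst_host):
            if any(a == dst_addr and l in out_lans for a, l in ifaces):
                return f"misdelivered to {other}"
    return "unanswered"


def association_paths(local, peer):
    """Classify every address the peer would list in INIT/INIT-ACK."""
    return {addr: classify_path(local, peer, addr) for addr, _ in HOSTS[peer]}


if __name__ == "__main__":
    for local, peer in [("A", "B"), ("C", "A"), ("A", "D")]:
        print(local, "->", peer, association_paths(local, peer))
```

In this model, C has no route to A's 192.168.1.1, and A's heartbeat to D's 192.168.1.2 goes out on LAN Y, where B holds the same address.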
