DNS hardening, was Re: Dan Kaminsky

Ross Vandegrift ross at kallisti.us
Thu Aug 6 10:26:05 CDT 2009

On Thu, Aug 06, 2009 at 03:16:25PM +0000, Paul Vixie wrote:
> > ...: "Do loadbalancers, or loadbalanced deployments, deal with this
> > properly?" (loadbalancers like F5, citrix, radware, cisco, etc...)
> as far as i know, no loadbalancer understands SCTP today.  if they can be
> made to pass SCTP through unmodified and only do their enhanced L4 on UDP
> and TCP as they do now, all will be well.  if not then a loadbalancer
> upgrade or removal will be nec'y for anyone who wants to deploy SCTP.

F5 BIG-IP 10.0 has support for load balancing SCTP.  I have not tested
or implemented it.  I do not know what feature parity exists with
other protocols.  But at least it's documented and supported.

Ross Vandegrift
ross at kallisti.us

"If the fight gets hot, the songs get hotter.  If the going gets tough,
the songs get tougher."
	--Woody Guthrie

More information about the NANOG mailing list