DNS hardening, was Re: Dan Kaminsky

Ross Vandegrift ross at kallisti.us
Thu Aug 6 10:26:05 CDT 2009


On Thu, Aug 06, 2009 at 03:16:25PM +0000, Paul Vixie wrote:
> > ...: "Do loadbalancers, or loadbalanced deployments, deal with this
> > properly?" (loadbalancers like F5, citrix, radware, cisco, etc...)
> 
> as far as i know, no loadbalancer understands SCTP today.  if they can be
> made to pass SCTP through unmodified and only do their enhanced L4 on UDP
> and TCP as they do now, all will be well.  if not then a loadbalancer
> upgrade or removal will be nec'y for anyone who wants to deploy SCTP.

F5 BIG-IP 10.0 has support for load balancing SCTP.  I have not tested
or implemented it.  I do not know what feature parity exists with
other protocols.  But at least it's documented and supported.

-- 
Ross Vandegrift
ross at kallisti.us

"If the fight gets hot, the songs get hotter.  If the going gets tough,
the songs get tougher."
	--Woody Guthrie




More information about the NANOG mailing list