* IPSEC key sync
@ 2006-07-20 23:14 Kalev Lember
2006-07-20 23:20 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Kalev Lember @ 2006-07-20 23:14 UTC (permalink / raw)
To: linux-kernel; +Cc: Antti Andreimann
Hello,
OpenBSD has sasyncd daemon to synchronize IPSEC keys between two or more
hosts that should act as failover gateways. I am wondering if it is
possible to do this with Linux.
There are IP_VS_PROTO_ESP and IP_VS_PROTO_AH configuration options which
claim to do "ESP and AH load balancing support". I am wondering what
does this exactly mean? I tried IPVS compiled with those options with
keepalived and it didn't seem to synchronize keys.
Maybe sasyncd should be ported to Linux?
--
Kalev Lember
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: IPSEC key sync
2006-07-20 23:14 IPSEC key sync Kalev Lember
@ 2006-07-20 23:20 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2006-07-20 23:20 UTC (permalink / raw)
To: kalev; +Cc: linux-kernel, anttix
From: Kalev Lember <kalev@smartlink.ee>
Date: Fri, 21 Jul 2006 02:14:33 +0300
> There are IP_VS_PROTO_ESP and IP_VS_PROTO_AH configuration options which
> claim to do "ESP and AH load balancing support". I am wondering what
> does this exactly mean? I tried IPVS compiled with those options with
> keepalived and it didn't seem to synchronize keys.
It does exactly what it claims, it load balances traffic
using the ESP/AH SPI field as part of the load balancing
hashing algorithm.
It does nothing more, nothing less.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-07-20 23:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-07-20 23:14 IPSEC key sync Kalev Lember
2006-07-20 23:20 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox