[Mip6] Re: Questions on HA reliability draft
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Mip6] Re: Questions on HA reliability draft

Dear Tobias

Thanks for comments.
Please find my comments inline.

On 2007/03/19, at 10:10, Tobias.HOF at fr.thalesgroup.com wrote:

Hello Ryuji,

first of all, please allow me to introduce myself: I am working as a networking engineer in an R&D team of Thales Communications in France, where I focus on mobility and security aspects, mainly in IPv6 networks.

In the context of one our research projects, we are very interested in HA multiplication in order to increase redundancy of the MIPv6/ Nemo architecture.This is why we studied your draft describing the synchronization between an Active HA and a Standby HA (Home Agent Reliability).

However, I still have some questions regarding the draft, I hope you can answer them or give me your opinion.


1) Redundancy Home Agent Set = Pair or Group of HAs?
---------------------------------------------------------------------- -------------
From the draft, it's not clear to me if the Redundant Home Agent set is a pair of one Active Home Agent and a single Standby Home Agent or if there are multiple Standby Home Agents. In the terminology part, you define it as a pair, however, in the remainder of the draft, the descriptions always speak of multiple Standby HAs per Active Home Agent (e.g. section 6.1). 


Redundancy HA set is for group of HAs.


In case there can be several Standby Home Agents (SHA) per Active Home Agent (AHA), I see the following additional complexity for the Home Agent Hello protocol:
If the AHA has several SHAs, each of the SHAs must have a different preference value, which is announced in the Hello Message. Furthermore, I suppose that each SHAs is supposed to listen to the AHA's heartbeats.
But, the SHAs must also exchange Hello messages between themselves, and this in a fully meshed manner, .i.e. each SHA to each of its partner SHAs, in order to
1. discover if there are SHAs with higher preferences
2. detect if at least one of the SHAs with a higher preference is still alive

I had a look on VRRP to see how they handle this issue, but they also focus on the case of a single backup router.

This is up to operation, but i can say that if SHA is deployed on a same link (local HA recovery).
Hello message can be sent to the all-router-multicast address. Thus, we can avoid meshed exchange.



2) Delegation of only a part of the bindings from the AHA to a/the SHA
---------------------------------------------------------------------- --------------------------------
The mechanisms you describe section 4.4 (Fig.3) show how an AHA can delegate all its bindings to its SHA, e.g. in the case that it will go down for maintenance. You also show how the ex-AHA can get back all its bindings when it come back to live.

However, I think that we should also consider the case where an AHA only wants to delegate some of its bindings to a SHA. For example, this can be very interesting if you think of load-balancing between HAs: If the AHA starts to get saturated (e.g. going over a pre- defined number of bindings or a given datarate on its outgoing interface), it should start to handover new bindings to another HA.

Can the current specifications do this or do you consider this out of scope of the current HA reliability draft? 

it depends on which switch mode you assume in your case.
If it is virtual switch case, it is impossible because only
AHA activates the HA address on its interface.
Of course, like VRRP, you can define two set of redundancy pairs
for the same HAs: each HA acts as SHA and AHA simultaneously.

However in the hard switch mode, AHA can send a HA switch message to a MN
in order to change AHA to one of SHA.
AHA can be defined per MN in the HA hard switch case.

The following section may imply your case.
Since each home agent has a different address, an active home
agent can be defined for each mobile node. When a mobile node
boots, it will discover home agents and create IPsec SAs with
them. It will then decide which one of the home agents is its
active home agent. For example, when two home agents serve a home
network, half of the mobile nodes might register with one home
agent and the rest of mobile nodes with another home agent. When
one of the home agents fails, a standby home agent, whose
preference value is next highest than the failed home agent, can
trigger a home agent switch by sending a Home Agent Switch message
to the mobile nodes that were registered with the failed home
agent.

One reminder is that load-balancing is out of scope in this document according to MIP6 charter.



3) Terminology: SwitchBack vs. SwitchOver
---------------------------------------------------------------
I am curious to know how it comes that you call the initial request from a AHA to a SHA "SwitchBACK" and then the request to get back the bindings "SwitchOVER". Maybe I would have chosen the same terms, but I think I would have assigned them the other way round, as I think you can only ask to switch _back_ something which has been the other way round before. So, I would propose to use "SwitchOver" for the initial message (first part of fig. 3) and "SwitchBack" when the inital HA comes back to life.


:-)
This message was introduced by one of DT.
I will discuss your comment in DT.

ryuji

I really appreciate your opinion on these points and I thank you in advance for your answers!

I send this mail directly to you and no to the ML, but if you consider it appropriate to discuss it there, I can post it there as well.

Best regards,
Tobias



_______________________________________________
Mip6 mailing list
Mip6 at ietf.org
https://www1.ietf.org/mailman/listinfo/mip6



Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.