next steps

Francis Dupont fdupont at isc.org
Mon Mar 19 22:27:47 UTC 2012


> > => we need the addresses on both sides of SD-AFTR1 so we can copy them
> > on SD-AFTR2 for the failover (using hwaddress clauses in
> > /etc/network/interfaces)
> 
> Assuming the ethernet cards actually support that.

=> I know only one NIC where the Ethernet address is not settable...

> I'm going to make the failover interfaces be the hardware internet
> rather than the usbs, and use the usb for the external
> to-the-internet

=> but as we have to set addresses on both sides this won't help.
BTW I believe it is a good idea anyway to put reliable Giga Ethernet
NICs on the internal switch side: I don't know how the switch really
accommodates different Ethernet speeds.

> How am I supposed to get DNS?

=> if the question is about the server and dnsmasq proxies, yes.
If the question is about putting addresses in a zone, IMHO it is not
needed, so do it only if we have enough time.

> So we can go double nat?

=> not really as the SD-AFTR is configured with A+P/PRR entries
so it doesn't NAT. But it supports double NAT as in the SD-NAT I-D v01.

> From my perspective I'd like to keep it on the diagram.

=> yes but a box with the name and description is enough.

> > - there is no IPv4 prefix for the internal Ethernet (the one with
> > the switch)
> 
> It's there to get to the switch.

=> it is a layer 2 device: no IPv4 address PLEASE.

> > - I don't know what will be the switch but I recommend a small dumb
> > switch without management and port replication
> 
> Netgear Prosafe GS105E, and it has management and port replication,
> because I thought that was what we'd agreed on.

=> I explicitly disagree(d): this will interfere badly with the demo,
and of course it doesn't provide management over IPv6?

> While this makes sense, I thought the plan was to have wireshark
> listening on a mirrored port.

=> it was and still is a bad idea.

> > - the DNS will be over IPv6 with a caching server on SD-AFTRs.
> > Looking at the saved conf/testbeds/hw/aftr-named.conf
> > there is nothing special.
> 
> The problem here (to me) was that the caching server on the AFTRs
> needs to listen on an ipv6 address. The failover process assuming it's
> switching IPv6 addresses (or adding them)
> needs to update the ipv6 address, and/or restart the name server to
> quickly pick up the new interface/ip

=> no: the failover is a hardware swap of boxes with the same addresses
(Ethernet, IPv4, IPv6, both sides, box and AFTR service).

> I'm under the impression that bind scans for new interfaces periodically.

=> bind does what you ask it to do, and I used the config I propose
so I can say it is the right one.

Regards

Francis Dupont <fdupont at isc.org>
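The failover described above only works if the standby box carries exactly the same link-layer, IPv4 and IPv6 addresses as the primary. As an added example (not code from the sdcpe project or from the thread's authors), the script below parses ifupdown-style /etc/network/interfaces files from both boxes, reports every interface option that differs, and sanity-checks the hwaddress values a NIC is asked to take (format, multicast bit, reuse on the same box). Interface names, MACs and prefixes are constructed for illustration; the standby sample deliberately omits one hwaddress and has a mistyped IPv6 address.

```python
"""Check that two SD-AFTR boxes carry identical addresses before a hardware-swap failover.

Added example, not part of the sdcpe project. It understands the subset of
ifupdown syntax used for static addressing: 'iface <name> <family> <method>'
stanzas with indented options, plus 'hwaddress ether <mac>'. All sample data
below is constructed.
"""
import re

# Constructed sample: primary box (SD-AFTR1)
AFTR1_INTERFACES = """
auto lo
iface lo inet loopback

# external side (towards the Internet)
auto eth0
iface eth0 inet static
    hwaddress ether 00:00:5e:00:53:01
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1

iface eth0 inet6 static
    address 2001:db8:0:1::10
    netmask 64

# internal side (towards the layer 2 switch): IPv6 only, no IPv4 prefix
auto eth1
iface eth1 inet6 static
    hwaddress ether 00:00:5e:00:53:02
    address 2001:db8:0:2::1
    netmask 64
"""

# Constructed sample: standby box (SD-AFTR2) with two copy errors
AFTR2_INTERFACES = """
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1

iface eth0 inet6 static
    address 2001:db8:0:1::10
    netmask 64

auto eth1
iface eth1 inet6 static
    hwaddress ether 00:00:5e:00:53:02
    address 2001:db8:0:2::2
    netmask 64
"""

MAC_RE = re.compile(r'^([0-9a-f]{2}:){5}[0-9a-f]{2}$')


def parse_interfaces(text):
    """Return {iface: {'hwaddress': mac, family: {option: value}}}.

    'auto'/'allow-hotplug'/'source' lines end the current stanza; comments
    are dropped. hwaddress is stored per interface (it belongs to the link,
    not to one address family) and normalised to lower case.
    """
    conf = {}
    iface = family = None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] == 'iface' and len(parts) >= 4:
            iface, family = parts[1], parts[2]
            conf.setdefault(iface, {}).setdefault(family, {})['method'] = parts[3]
        elif parts[0] in ('auto', 'allow-hotplug', 'source', 'mapping'):
            iface = family = None
        elif iface is not None and len(parts) >= 2:
            if parts[0] == 'hwaddress':
                conf[iface]['hwaddress'] = parts[-1].lower()
            else:
                conf[iface][family][parts[0]] = ' '.join(parts[1:])
    return conf


def _flatten(conf):
    """Map (iface, family-or-'link', option) -> value for easy comparison."""
    flat = {}
    for iface, entry in conf.items():
        for key, value in entry.items():
            if key == 'hwaddress':
                flat[(iface, 'link', 'hwaddress')] = value
            else:
                for opt, val in value.items():
                    flat[(iface, key, opt)] = val
    return flat


def failover_mismatches(primary_text, standby_text):
    """List every option whose value differs between primary and standby."""
    p, s = _flatten(parse_interfaces(primary_text)), _flatten(parse_interfaces(standby_text))
    diffs = []
    for key in sorted(set(p) | set(s)):
        pv, sv = p.get(key), s.get(key)
        if pv != sv:
            iface, family, opt = key
            diffs.append(f"{iface} {family} {opt}: primary={pv} standby={sv}")
    return diffs


def hwaddress_problems(conf):
    """Flag hwaddress values a unicast NIC cannot sensibly take, and MACs reused on one box."""
    problems, seen = [], {}
    for iface, entry in conf.items():
        mac = entry.get('hwaddress')
        if mac is None:
            continue
        if not MAC_RE.match(mac):
            problems.append(f"{iface}: malformed hwaddress {mac}")
            continue
        if int(mac[:2], 16) & 1:  # I/G bit set: a group address, not a station address
            problems.append(f"{iface}: hwaddress {mac} has the multicast bit set")
        if mac in seen:
            problems.append(f"{iface}: hwaddress {mac} already used by {seen[mac]}")
        seen.setdefault(mac, iface)
    return problems


if __name__ == '__main__':
    for line in failover_mismatches(AFTR1_INTERFACES, AFTR2_INTERFACES):
        print(line)
    for box, text in (('SD-AFTR1', AFTR1_INTERFACES), ('SD-AFTR2', AFTR2_INTERFACES)):
        for line in hwaddress_problems(parse_interfaces(text)):
            print(box, line)
```

Running it against the two constructed files prints the missing eth0 hwaddress and the mistyped eth1 IPv6 address on the standby. Note that a clean diff only proves the configuration matches; it does not prove the NIC accepted the address, so after `ifup` compare `ip link show` on the standby with the configured hwaddress as well.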


More information about the sdcpe-devel mailing list