|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: 69/8...this sucks -- Centralizing filtering..
>What I really meant by single pt. of failure was... problems of losing the >filtering list if the central system is down... Granted, this would not >cause any network issues.. We know how to set up central authorities without central systems or obvious single points of failure. For instance, the DNS has a single root authority but there are 13 distributed servers publishing authoritative data. And not all of those servers are single systems. For some time now Vixie's root server has been at least two systems using his own FreeBSD kernel hack to handle load balancing and failover. Also, people are beginning to realize that having a local cache of authoritative data is a wise thing and is not very difficult to do. That's why ISC is now offering a replica service for network operators to set up local copies of Vixie's F root server. I would expect that the LDAP service for IP address range attributes would leverage all of this knowledge about architecture. LDAP may a more versatile protocol than DNS but it is clearly from the same family tree of directory service protocols and there are no major roadblocks preventing it from being deployed in a sane fashion. --Michael Dillon |