On 6 May 2014 18:51, Jared Mauch <jared@puck.nether.net> wrote:
> On May 6, 2014, at 9:11 PM, Constantine A. Murenin <mureninc@gmail.com> wrote:
>> On 6 May 2014 15:17, David Conrad <drc@virtualized.org> wrote:
>>> Constantine,
>>>
>>> On May 6, 2014, at 4:15 PM, Constantine A. Murenin <mureninc@gmail.com> wrote:
>>>> Any complaints for Google using the https port 443 for SPDY?
>>>
>>> AFAIK, the use of SPDY does not preclude the use of HTTPS on the same network. The fact that in addition to the OpenBSD developers choosing to use 112, they also chose to use the MAC addresses used for VRRP, thus making it impossible to run both VRRP and CARP on the same network due to MAC address conflicts would suggest you might want to pick a better analogy.
>>
>> Well, that's kinda the issue here -- the comparison with SPDY is actually quite valid. I haven't seen any facts that CARP actually precludes you from using VRRP on your network, unless you use broken VRRP/HSRP implementations (BTW, did you thank OpenBSD for forcing Cisco to fix those?
>
> I'm certainly an advocate for fixing bugs in software. If OpenBSD has decided to participate in the community vs running off, I think you would have seen more "thanks" vs people being upset. I've been involved in a number of negative testing operations against router vendors that found defects. Did you work closely with a CERT or the PSIRT team? If not, that may be the sign of what is going on here.
>
>> or would you rather retain an extra attack vector for your routers?), or configure CARP and VRRP to use the same MAC addresses through the same Virtual ID setting (user error), when clearly a choice is available. On the contrary, it's actually clearly and unambiguously confirmed in this very thread that both could coexist just fine: http://mailman.nanog.org/pipermail/nanog/2014-April/066529.html .
>
> SPDY is sitting on the same well known port number but with a different protocol (udp vs tcp) so they can co-exist. There isn't really a true collision in the fact that an application listening to a socket will get the wrong packet. You either get SOCK_DGRAM or SOCK_STREAM.

SPDY does not use UDP, it uses TCP. Check your facts. CARP uses a VRRP version number that has not been defined by VRRP, hence there is no conflict there, either. The link from the quote above has a quote from Henning.

>> So, then the only problem, perhaps, is that no one has apparently bothered to explicitly document that both VRRP and CARP use 00:00:5e:00:01:xx MAC addresses, and that the "xx" part comes from the "Virtual Router IDentifier (VRID)" in VRRP and "virtual host ID (VHID)" in CARP, providing a colliding namespace, so, one cannot run both with the same Virtual ID on the same network segment.
>
> Or that CARP didn't get their OUI, ask for help from one of the vendors that supports *BSD for use of their space or something else.

Politics. Again, this is a non-issue for most users -- there's a very easy, straightforward and complete workaround.

C.
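
Added example, not part of the original message or of any project's code: a small audit that derives the 00:00:5e:00:01:xx virtual MAC from each VRID/VHID, as described in the thread, and reports segments where a VRRP group and a CARP group would claim the same address. The inventory format, host names and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Both protocols derive the virtual MAC from the prefix 00:00:5e:00:01
# plus a one-byte ID (VRID for VRRP, VHID for CARP), as stated in the thread.
PREFIX = "00:00:5e:00:01"


def virtual_mac(virtual_id):
    """Return the virtual MAC for a VRID/VHID in the range 1..255."""
    if not 1 <= virtual_id <= 255:
        raise ValueError(f"virtual ID out of range: {virtual_id}")
    return f"{PREFIX}:{virtual_id:02x}"


def find_collisions(groups):
    """Return {(segment, mac): [hosts]} where VRRP and CARP share a MAC."""
    by_mac = defaultdict(list)
    for segment, host, proto, vid in groups:
        by_mac[(segment, virtual_mac(vid))].append((host, proto.lower()))
    return {
        key: sorted(host for host, _ in members)
        for key, members in by_mac.items()
        if {"vrrp", "carp"} <= {proto for _, proto in members}
    }


def free_ids(groups, segment):
    """IDs on a segment not yet claimed by either protocol."""
    used = {vid for seg, _, _, vid in groups if seg == segment}
    return [vid for vid in range(1, 256) if vid not in used]


# Constructed inventory (hypothetical hosts): (segment, host, protocol, ID).
INVENTORY = [
    ("vlan10", "rtr-a", "vrrp", 1),
    ("vlan10", "rtr-b", "vrrp", 1),
    ("vlan10", "fw-a", "carp", 1),   # same ID as the VRRP group: collision
    ("vlan10", "fw-b", "carp", 2),
    ("vlan20", "fw-c", "carp", 1),   # other segment, no conflict
    ("vlan20", "rtr-c", "vrrp", 16),
]

if __name__ == "__main__":
    for (segment, mac), hosts in find_collisions(INVENTORY).items():
        print(f"{segment}: {mac} claimed by VRRP and CARP on {', '.join(hosts)}")
    print("first free ID on vlan10:", free_ids(INVENTORY, "vlan10")[0])
```

Routers that share one VRID on a segment are a normal VRRP group and are not reported; only a MAC claimed by both protocols is.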