On Fri, 2008-03-07 at 05:18 -0800, Joseph Mack NA3T wrote:
> I don't deal with ISPs so I don't know what they do. However
> advertising the VIP and allowing traffic from the VIP are
> separate logically. I would expect if you're the customer
> and said "if I'm going to be here, I need packets from the
> VIP to be let out" that they would do it.

Not necessarily. If I'm Hosting company A, and I peer using BGP with
ISPs B, C, D and E then it's in their interests to ensure that they only
accept traffic from the prefixes I announce to them - prefix filtering,
in ISP parlance.

If I'm a customer of Hosting company A *and* a customer of Hosting
company Z (who peers with ISPs B, C, X and Y) then I may be able to
persuade companies A and Z to permit each other's traffic out of each
other's network, but I doubt it - I speak from experience here, both as
a customer *and* as a host *and* as an ISP!

> however you're saying that even if the ISP let out packets
> from the VIP, that routers upstream would stop these
> packets?

If I'm an ISP and I permit arbitrary traffic through my network from a
source (non-transit) network like a web host, then I am liable to be
ostracised at a high speed from the world at large by my peers since
this is a significant cause of DDoS problems.

> In this case LVS-Tun can't be deployed anywhere?

No, that's not the case - if I'm lucky enough to have acquired PI space,
that's "Provider Independent" rather than PA space (Provider
Aggregatable) then I can probably request, persuade or pay for both
companies A and Z to announce it to the world. If it's announced,
they'll let it in and out. In my experience this is the most common way
for TUN-type load balancing to work; the more complex methods involve
becoming an ISP yourself (like Google, Akamai, Microsoft et al) to
provide your own services.

In my opinion the original poster's question is a valid one, but is
nothing to do with LVS - it's a network operations problem which needs
dealing with by the providers involved.

Graeme
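
The prefix-filtering behaviour described in this message, modelled as an added example that is not part of the original post. The addresses are constructed documentation prefixes and the function names are hypothetical; the only assumption is that a host lets a packet out when its source address falls inside a prefix that host announces.

```python
import ipaddress

# Constructed topology (RFC 5737 documentation prefixes, not from the thread).
ANNOUNCED = {
    "A": ["192.0.2.0/24"],     # PA space assigned by hosting company A
    "Z": ["198.51.100.0/24"],  # PA space assigned by hosting company Z
}

def egress_permitted(announced, host, src):
    """True if `host` announces a prefix that covers source address `src`."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in announced.get(host, []))

def tun_reply_paths(announced, vip, realserver_hosts):
    """LVS-Tun realservers answer clients directly with the VIP as source.
    For each host holding a realserver, report whether that reply gets out."""
    return {h: egress_permitted(announced, h, vip) for h in realserver_hosts}

def with_pi_space(announced, pi_prefix, hosts):
    """Copy of the table with a PI prefix announced by every listed host."""
    updated = {h: list(prefixes) for h, prefixes in announced.items()}
    for h in hosts:
        updated.setdefault(h, []).append(pi_prefix)
    return updated

if __name__ == "__main__":
    # VIP taken from A's PA space: replies from the realserver at Z are filtered.
    print(tun_reply_paths(ANNOUNCED, "192.0.2.10", ["A", "Z"]))
    # VIP taken from PI space that both A and Z announce: replies leave either site.
    pi_table = with_pi_space(ANNOUNCED, "203.0.113.0/24", ["A", "Z"])
    print(tun_reply_paths(pi_table, "203.0.113.10", ["A", "Z"]))
```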