client involvement in draft-vidya-ipsec-failover-ps-00



I have a question on the bullet in section 5 of
draft-vidya-ipsec-failover-ps-00 that lists "client involvement" as a
goal.  This bullet states that failover is not intended to be
transparent to the client.  Given that the previous section mentions
using VRRP for redundant gateways to share an IP address, I had assumed
the goal would be to make failover transparent to clients.  These
parts of the draft seem to conflict, but maybe I'm just misunderstanding.

I also think that a mechanism that can only be client-initiated is a big
problem because it would require fast dead-peer detection, which implies
a high amount of usually worthless signaling.  In the tradeoff between
fast dead-peer detection and low signaling overhead for constrained
aeronautics and space links, low overhead wins out, and an entirely
transparent failover solution based on using VRRP or anycast to reach
redundant gateways is highly preferable to me.

I might say that client involvement MUST NOT be required of a failover
solution between redundant gateways, but that a mechanism to exchange
SAD/SPD entries between gateways SHOULD also be compatible with
other (possibly client-based) mechanisms for selecting between
equivalent gateways.

-- 
Wesley M. Eddy
Verizon Federal Network Systems