[Info-vax] The continued ham-stringing of IPsec/VMS - Cui Bono? - TUDs - Bobby Ewing
Richard Maher
maher_rj at hotspamnotmail.com
Thu Oct 29 05:42:35 EDT 2009
Hi Arne,
"Arne Vajhøj" <arne at vajhoej.dk> wrote in message
news:4ae8e9d1$0$279$14726298 at news.sunsite.dk...
> Richard B. Gilbert wrote:
> > Arne Vajhøj wrote:
> >> Richard B. Gilbert wrote:
> >>> Bob Koehler wrote:
> >>>> In article <hc05rh$c4f$1 at news-01.bur.connect.com.au>, "Richard
> >>>> Maher" <maher_rj at hotspamnotmail.com> writes:
> >>>>> So while it's great to see IPsec doing a Bobby Ewing and getting to
> >>>>> live
> >>>>> another day, I just cannot understand how it could possibly take
> >>>>> another 12
> >>>>> months to certify code that is already there, and will already have
> >>>>> shipped
> >>>>> in H1 2010 with TCP/IP 5.7.
> >>>>>
> >>>>> Can someone please explain to me what obstacles are preventing
> >>>>> IPsec from
> >>>>> being supported in H1 2010 with VMS 8.4?
> >>>>
> >>>> I don't work for HP, but testing and certification of reliable
code
> >>>> across a great many hardware platforms takes time. I would not
like
> >>>> to see VMS Engineering start cutting corners on testing.
> >>>
> >>> Which "great many" hardware platforms are we talking about? I count
> >>> three: VAX, Alpha, and Itanic. And I'd be willing to dispense with
> >>> Itanic! If you have to test with every processor speed, every memory
> >>> size, every combination of I/O devices. . . .
> >>
> >> 3 architectures
> >> different NIC's
> >
> > Isn't the NIC the responsibility of the driver? It simply sends what
> > it's told to send and listens for traffic addressed to it. Wouldn't
> > IPSEC encryption be done before the NIC and the driver got involved?
> >
> >> different number of NIC's
> >> single CPU and multi CPU systems
> >
> > Such systems have existed for many years. Traffic on multiple hardware
> > links can be encrypted nearly as easily as on a single link. A slow CPU
> > and multiple encrypted links could be painful . . . .
>
> IPSEC is done at a low level compared to various other
> encryptions.
>
> I would expect VMS engineering to test this stuff on a wide variety of
> configurations otherwise something will break.
What, unlike Clusters-over-IP which was developed using a more Agile,
itterative, bugger-it-what-could-go-wrong approach?
Consistency! A level playing field! Merit-based deployment! Objectivity! -
PLEASE
>
> Arne
Regards Richard Maher
PS. And I heard that with those 32 volume shadow sets they just get bolting
'em on till something cracked.
More information about the Info-vax
mailing list