This isn't a problem with FC
on
HyperSCSI Examined
·
· Score: 2, Insightful
Fiber Channel SANs aren't based on IP either, yet people manage to do off site replication with them.
I don't know how far away you want to put your off-site backup, but Cisco have been selling a GBIC (Gigabit Interface Converter ? Too many FLAs for my head these days), which they've been calling 1000BaseZX, which will send an GigE signal around 90 Kilometers over single mode fibre.
Even Full Duplex Fast Ethernet over multi-mode fibre will go 2 Kilometers.
You can build some really big ethernet networks these days. I don't think the non-IP thing is all that much of an issue.
Although the idea of using cheap commodity equipment like ethernet is to rationalise multiple networks down to a single IP network, there are also good reasons to using commodity ethernet to build a separate network for your storage, security being the main one. It probably wouldn't be too good to have CodeRed or other worms of its ilk infecting your storage network.
BTW, Andre Hedrick is one of the main IDE developers for Linux.
I certainly appreciate his IDE efforts, but of course he is going to criticise the technology - his company is an iSCSI company!
What, do they think he is going to say, "Gee, and all this time, I've thinking that iSCSI is the right thing to work on. I'm going to abandon iSCSI right now, and start playing with this HyperSCSI thing."
I was paid approximately $100K p.a. to work on the largest ISP's IPSec VPN product, as a Senior VPN and Internet Security engineer.
If I don't know what I'm talking about, I managed to fool them for two years.
Try running two SMTP servers behind a NAT box - which one are you going to map TCP port 25 to, and which one isn't going to receive external email ?
All you NAT-lovers, solve that one...
(and no, you are not allowed use a single SMTP server, for security reasons for example).
Quoting the RFC is easier for me than desribing my experience.
However, briefly,
a) I first implemented NAT for a customer of mine in 1995. NAT broke their application, because IP address information was embedded inside the payload. That was my first sign something was wrong with NAT.
b) I've seen a 10 000 user network crash because the powersupply in the NAT box failed. At the time there wasn't an alternate path, but if there was, the NAT boxes would have some sort of proprietory state sharing protocol, and the boxes would have to be directly connected together - which provides a geographical limit as to how far apart the NAT boxes can be. Too bad if you want to have diverse geographical Internet connections.
With dumb old routers you can do this easily, because they don't maintain state, and therefore would operate independantly of each other.
c) Approximately a year ago I spent two _months_ solid working on NAT for VPN solutions There something in the order of 50+ different combinations of VPN toplogogies, and NAT options. It was a Brain F**k.
All that work could have been avoided by just using unique public address space.
I'm not to worried what the slashdot audience thinks of my opinion, I suspect most of them are aged between 14 to 20, and don't have much or any real world experience.
Don't waste my time and your's, calling me a troll, until you have read the link I posted.
You don't have an informed opinion about NAT, so you shouldn't express it.
However, it wasn't that they (the IANA / RIR) didn't want to give out addresses, they just needed to stop giving out so many. Their _previous_ allocation methods were going to cause a shortage of IPv4 addresses.
So, they changed their policy from "we'll give you what you want" to "we'll give you what you need, after you show us a plan".
You can still get plenty of IPv4 addresses today, you just have to show that what you are requesting is reasonable, not excessive.
"Ha ha ha, I'm better than the hackers, my addresses are hidden".
or
"Hee hee, my ISP doesn't realise I'm connecting more than one PC" BONK. Yes they do.
Its a pitty these NATters don't realise
NAT doesn't protect you from email payload viruses.
NAT doesn't protect you from spy where. You downloaded that when you downloaded the free P2P software. Once inside your NAT box, it can establish more outgoing TCP connections, and download what ever it likes.
TCP connections are full duplex - data (innocent or malicious) can be downloaded via a TCP connection initiated in the outgoing direction.
That is how the WWW works !
Its just breaking the Internet, killing off useful peer to peer applications like speakeasy.
Do people like screwing around with their NAT box configuration everytime they add a new P2P application ? (dumb question on slashdot I suppose).
For those that think it is wonderful, spend some time reading and understanding this RFC
Slashdot Mirror
I, for one, welcome our new grid computer overlords.
for business and home users.
Grid Supercomputing: The Next Push
Fiber Channel SANs aren't based on IP either, yet people manage to do off site replication with them.
I don't know how far away you want to put your off-site backup, but Cisco have been selling a GBIC (Gigabit Interface Converter ? Too many FLAs for my head these days), which they've been calling 1000BaseZX, which will send an GigE signal around 90 Kilometers over single mode fibre.
Even Full Duplex Fast Ethernet over multi-mode fibre will go 2 Kilometers.
You can build some really big ethernet networks these days. I don't think the non-IP thing is all that much of an issue.
Although the idea of using cheap commodity equipment like ethernet is to rationalise multiple networks down to a single IP network, there are also good reasons to using commodity ethernet to build a separate network for your storage, security being the main one. It probably wouldn't be too good to have CodeRed or other worms of its ilk infecting your storage network.
BTW, Andre Hedrick is one of the main IDE developers for Linux.
I certainly appreciate his IDE efforts, but of course he is going to criticise the technology - his company is an iSCSI company!
What, do they think he is going to say, "Gee, and all this time, I've thinking that iSCSI is the right thing to work on. I'm going to abandon iSCSI right now, and start playing with this HyperSCSI thing."
I was paid approximately $100K p.a. to work on the largest ISP's IPSec VPN product, as a Senior VPN and Internet Security engineer. If I don't know what I'm talking about, I managed to fool them for two years.
Try running two SMTP servers behind a NAT box - which one are you going to map TCP port 25 to, and which one isn't going to receive external email ? All you NAT-lovers, solve that one ...
(and no, you are not allowed use a single SMTP server, for security reasons for example).
Quoting the RFC is easier for me than desribing my experience.
However, briefly,
a) I first implemented NAT for a customer of mine in 1995. NAT broke their application, because IP address information was embedded inside the payload. That was my first sign something was wrong with NAT.
b) I've seen a 10 000 user network crash because the powersupply in the NAT box failed. At the time there wasn't an alternate path, but if there was, the NAT boxes would have some sort of proprietory state sharing protocol, and the boxes would have to be directly connected together - which provides a geographical limit as to how far apart the NAT boxes can be. Too bad if you want to have diverse geographical Internet connections.
With dumb old routers you can do this easily, because they don't maintain state, and therefore would operate independantly of each other.
c) Approximately a year ago I spent two _months_ solid working on NAT for VPN solutions There something in the order of 50+ different combinations of VPN toplogogies, and NAT options. It was a Brain F**k.
All that work could have been avoided by just using unique public address space.
I'm not to worried what the slashdot audience thinks of my opinion, I suspect most of them are aged between 14 to 20, and don't have much or any real world experience.
Don't waste my time and your's, calling me a troll, until you have read the link I posted. You don't have an informed opinion about NAT, so you shouldn't express it.
Generally correct.
However, it wasn't that they (the IANA / RIR) didn't want to give out addresses, they just needed to stop giving out so many. Their _previous_ allocation methods were going to cause a shortage of IPv4 addresses.
So, they changed their policy from "we'll give you what you want" to "we'll give you what you need, after you show us a plan".
You can still get plenty of IPv4 addresses today, you just have to show that what you are requesting is reasonable, not excessive.
RFC 2993 - Architectural Implications of NAT
He is completely correct, you are completely incorrect.
RFC 2993 - Architectural Implications of NATWhy do people just love NAT ?
Is it a "superiority complex" thing ?
"Ha ha ha, I'm better than the hackers, my addresses are hidden".
or
"Hee hee, my ISP doesn't realise I'm connecting more than one PC" BONK. Yes they do.
Its a pitty these NATters don't realise
Its just breaking the Internet, killing off useful peer to peer applications like speakeasy.
Do people like screwing around with their NAT box configuration everytime they add a new P2P application ? (dumb question on slashdot I suppose).
For those that think it is wonderful, spend some time reading and understanding this RFC
RFC 2993 - Architectural Implications of NATUntil that point, you don't have an informed opinion about NAT, so you shouldn't express it.