►
From YouTube: DASH HA High Availability Working Group 20220503
Description
May 5, 2022 HA WG Call
A
So,
just
to
remind
everyone,
we
are
trying
to
finalize
the
requirement
it
is
based
on
the
requirements
published
in
the
existing
dash
h,
a
document.
So
our
goal
is
to
review
all
of
them
add
things
that
were
maybe
implied
and
put
them
explicitly
into
the
list,
and
so
that
we
won't
have
anything
that
is
that
won't
be
clear
before
we
move
on
to
the
next
next
phase,
which
is
defining
all
the
flows
and
all
the
scenarios
by
which
should
operate.
A
So
if
you
have
any
questions
to
the
previous
one
about
the
downtime
ability
to
resume
connections,
the
fact
that
the
full
flow
table
should
be
replicated
to
the
peers,
we
need
to
be
able
to
handle,
link,
flapping
and
asymmetrical
flows,
and
this
is
by
the
way
what
we
wanted
to
what
we
wanted,
michael
for.
So
this
still
to
be
reviewed.
A
Yeah,
so
this
is,
let
me
remind
you
from
our
last
discussion.
We
were
talking
that
about
the
case
where
it
is
possible
when
we
have
flow,
we
have
two
directions
of
the
flow
and
in
one
direction
packet.
It
does
not
look
the
same
way
as
in
the
opposite
direction,
and
I'm
not
talking
about
swapping
source
and
destination.
I'm
talking
about
in
one
direction
it
could
be,
it
could
be
encapsulated
in
the
other
one.
A
It
could
be
not
encapsulated
or
encapsulated
in
a
different
kind
of
tunnel
resulting
in
switches,
hashing
them
two
different
appliances,
so
that
one
one
appliance
will
get
the
outbound
direction.
Another
will
get
the
inbound
direction.
So
we
wanted
to
clarify
this
point
at
this
meeting.
What
are
the
exact
scenarios
so
that
we
can
we
can
plan
for
for
this
to
be
supported
as
well.
B
B
Only
and
to
be
honest,
the
one
thing
that
you
mentioned
second
bullet
from
the
bottom
when
ensured,
bought
an
inbound
elbow
packets
transit,
the
similar
plans
for
the
given
flow.
We
should
not
take
it
as
a
requirement
because,
because
tours
are
like
normal
forwarding
appliances,
link
will
change.
The
tools
will
go
into
maintenance
mode
or
those
kind
of
stuff
right.
So
the
main
reason
for
the
flow
replication,
which
is
which
is
kind
of
like
a
ford
for
the
bullet,
point
to
make
sure
once
we
create
the
flow.
B
This
flow
is
kind
of
immediately
replicated,
and
the
main
reason
for
this
is
that
the
the
the
packet
later
as
the
connection
is
is
happening
is
already
established.
Right
can
come
to
a
different
appliance,
and
this
is
fully
normal.
So
this
ensure
we
should.
We
should
cross
it
out,
because
this
will
not
be
happening
like
we
don't.
A
But
I
think
this
one
is
talking
about,
so
we
should
distinguish
of
the
establishing
of
the
connection
from
a
connection
already
established
and
the
flow
is
moved
to
a
different
appliance.
So
in
case
the
connection
is
already
established
and
replicated
to
another
appliance.
There
is
no
problem
in
moving
that
flow
to
another
plant.
B
Somehow
those
this
other
plans
needs
to
be
in
a
part
during,
for
example,
the
scene
exchange
right,
because
it
cannot
be
a
synchronous
replication
for
every
single
staff
and
main
reason
for
this
is
asynchronous
replication.
Just
doesn't
have
these
guarantees
like
in
a
way
if
only
one
appliance
is
participating
in
synagogue,
exchange
right
and
the
and
the
other
place
is
just
receiving
packets,
something
like
fyi.
B
This
was
this
right.
If
the
fya
packet
get
lost,
for
example,
right
the
and
the
primary
appliance
dies,
then
this
specific
flow
dies.
So
so
I
believe
that
those
two
appliances
should
work
more
kind
of
like
the
package.
The
same
packets
should
be
going
through
through
both
appliances
like
in
a
way.
One
appliance
then
forwarding
to
the
second.
B
That
packet
can
get
lost
and
this
flow
will
never
be
replicated
right,
which
would
be
bad
right
or
you
actually
have
a
kind
of
like
tcp
connectivity.
There
and
you'll
be
retrying
those
kind
of
packets
right.
So
you
are
relying
on
having
some
q
and
potentially
the
q,
built
up
on
your
forwarding
appliances
right.
So,
instead
of
having
q
built
up,
why
not
just
bounce
this
packet
across
two
appliances?
So
it
arrives
on
first
appliance.
We
just
bounce
into
the
second
appliance
bounce
it
back
and
kind
of
forward
it
out.
C
So
you
should
read
the
document.
I
wrote
because
he's
saying
all
the
opposite,
because
if
you
send
all
all
six
of
those
packets
to
the
other
appliance
you're
going
to
do
more
than
half
of
all
the
bandwidth
which
is
not
good
either.
So,
if
you're
going
to
chew
up
half
the
bandwidth
just
for
sending
packets,
as
is
to
the
other
appliance,
you
lost
half
your
bandwidth,
maybe
more
because
you
know
five
million
connections
per
second
times
six
or
thirty
million
connections
per
second,
that's
more
than
half
the
bandwidth.
So
that's.
B
C
C
C
B
C
So
so
we
can
debate
that
in
the
future.
So
I
want
that
to
be
kind
of
open,
because
I
think
excite
probably
has
some
ideas.
I
wrote
some
ideas
down,
probably
it's
somewhere
in
between,
but
we
just
need
to
be
mindful
of
we
at
all
costs.
Don't
we
want
to
be
chewing
up
all
of
our
bandwidth
for
replication.
C
So
take
that
as
a
side
note,
I
think
it's
worth.
We
will
be
probably
talking
about
that
for
weeks.
I'm
sure
to
get
it
right.
It
is
like
that's
the
hardest
thing
to
try
to
balance
the
bandwidth
of
replication
versus
the
the
quality
of
rep
replication,
which
we're
all
concerned
with
and
I'll
share
my
paper,
I'm
just
trying
to
finish
it
up
the
next
time.
B
Let's
say
through
the
other
appliance
right.
This
does
not
port
needs
to
be
exactly
the
same
to
kind
of
transfer
it
back
those
kind
of
stuff.
That's.
Why
that's?
Why?
Basically
at
least
this
initials
of
those,
I
would
say,
initial
sort
of
packet
with,
for
example,
let's
say
there
is
a
sin
right
and
the
sin
selects
some
specific
port
for
that
for
the
transformation
of
the
of
the
knot
right,
because
the
ports
are
dynamic.
Let's
say
right:
this
is
like
a
specific
port,
so
this
port
should
be
most
likely.
B
So
whenever
some
returning
packets
during
this
exchange
land
on
the
other
appliance,
the
appliance
knows
how
to
revert
it
back
to
the
correct
port
right
and
then
and
then
the
question
should
this
first
packet
be
the
one
who
is
which
is
basically
already
establishing
a
flow
and
doesn't
care
about
the
the
snack
packet.
Or
do
we
also
want
to
balance
snack
packets
to
make
sure
we
somehow
communicate
to
the
other
plants
that
this
flow
is
actually
alive
and
and
not
something
that
was
not
fully
established,
for
example
right?
C
I
talk
about
that
because
we're
gonna
use
the
we
should
be
using
the
tcp
state
machine.
It
tells
you
when
something
is
open.
It
tells
you
when
it's
closed
and
there's
a
million
ways
to
close
something,
but
it
tells
you
that
so
it's
the
only
foolproof
way
of
knowing
I
started
a
connection,
but
the
state
machine
is
telling
me
I'm
closing
that
connection
and
going
to
the
listening
stage.
So
there's
a
lot
of
reasons
for
that.
But
if
you
use
the
state
machine
then
you
won't
have
to
worry
about
that.
Yeah.
B
Yeah,
so
the
state
machine-
yes,
the
the
question
here
is
about
basically
because
the
the
packets
will
be
going
to
one
device.
For
example,
only
let's
say
most
of
the
time
right
and
or
some
packets
will
be
going
through
one
and
the
other.
The
question
is
basically
which
how
to
correlate
the
state
machine
state
across
two
devices,
for
example,.
C
D
A
A
A
A
So
then,
another
one
from
from
the
dash
document
is
aha
protocol
for
syncing
active
flow.
So
I
think
this
again
will
be
reviewed
in
more
details
when
gerald
will
come
forward
with
his
paper.
What
what
modes
of
operation
the
protocol
should
support
so,
especially
if
we're
talking
about
that,
we
need
to,
we
need
to
be
able
to
bounce
the
packets
for
the
same.
If
that
will
be
the
case,
probably
this
will
be
the
only
requirement,
but
then
for
for
updating
the
flows.
A
And
this
one,
I
think
it's
quite
important,
also
from
the
document
aj
protocol-
does
not
need
to
reliably
sync
100
of
the
flows
between
the
cards.
But
again,
as
we
talked
about
this,
there
will
be
trade-offs.
So,
even
though
there
is
no
100
requirement,
I
think,
along
with
the
protocol,
we
need
to
to
define
all
of
the
possible
ways
that
the
protocol
may
fail
to
synchronize
a
connection,
not
only
the
good
cases,
but
also
everything
that
might
go
not
so
well
yeah.
A
E
Yeah
marion,
can
I
make
a
hi
chris
hi,
hey
everybody.
I
don't
know
if
you'll
get
to
this
later
in
here,
because
I
mentioned
on
a
previous
meeting
about
observability
and
if,
if
I'm
jumping
ahead,
let
me
know,
but
I'm
wondering
if
we
ought
to
have
observability
as
a
requirement
and
related
to
that
last
bullet
there.
It
does
not
need
to
reliably
sync
100
flows.
I
think
we
all
agree
in
principle,
but
if
we
don't
have
some
objective
way
of
measuring
or
having
metrics
or
kpis,
then
it
just
becomes
useless
right.
E
B
Right
yeah,
that's
true,
so
we
should
have
a
way
to
measure
this.
I
agree
with
you,
chris
right
and-
and
the
last
bit
point
in
regards
to
does
not
need
to
help
me
seeing
100
of
the
flows
right.
I
actually
don't
want
to
put
it
as
a
requirement.
I
would
like
to
put
it
as
actually
that
preferably
I
would
like
to
be
able
to
unless
there
is
a
banking
algorithm
right
or
we
say
that
some
specific
flows,
because
they
are,
for
example,
being
terminated
or
not
or
doing
established
phases
kind
of
stuff.
B
C
B
C
Goal
as
a
goal
should
think
100
of
the
connection
and
then
we'll
need
to
measure
how
well
that's
achieved
right,
and
so
we
might
find
use
cases
down
the
road
through
observability.
So
I'm
agreeing
with
keysight
through
observability.
We
might
find
cases
that
we
never
thought
of
that
doesn't
allow
the
100
think,
but
it
shouldn't
be
our
goal.
Our
goal
should
be
100,
we
put
in
observability
we
test,
and
you
know
we
will
improve
it
over
time
to
meet
that
goal.
C
E
Cases
and
the
observability
will
also
have
to
be
to
have
to
be
some
somewhat
standardized
too,
so
that
whatever
instrumentation
we
enable
even
the
probably
two
types
of
observability
high
fidelity,
maybe
for
testing
and
probably
lower
fidelity,
lower
resource
intensive
for
live
right.
Maybe
it's
sampled,
maybe
it's!
Maybe
data
are
coalesced
and
emitted
at
a
slower
rate,
something,
but
you
know
we're
going
to
brainstorm
that
it's
gonna
be
a
fun
discussion.
A
A
Make
the
protocol
extendable
in
a
way
that
we
will
support
different
formats
of
the
messages
or
we
can
try
to
incorporate
everything
into
a
single
message
type
either
way
we
go
everything
I
think
should
be
documented.
So
we
will
not
return
back
to
to
that
question.
Hopefully,
in
the
future,
probably
there
is
still
something
that
will
be
left
out,
but
all
of
the
cases
that
michael
mentioned
and
that
we
can
think
of
that
reasonably
fit
into
use
cases
for
dash.
A
C
I
think
this
one
could
be
described
as
examples
either
modes
of
operation
or
packet,
like
you
said.
The
other
way
to
do
it
is
to
in
the
packets
themselves
adding
extensibility
to
the
actual
messaging
one.
One
of
the
other
needs
to
get
done,
or
actually
both
both
can
occur,
some
of
them
okay,
this
mode
of
operation
for
this
mode
of
operation.
You
need
to
have
this
extensibility
the
packet
format,
and
that
that's
true.
C
But
design
in
a
way
that
this
is
possible
because
it's
gonna
have
to
be
possible,
like
I
actually
think
mode,
one
will
always
be
send
all
the
connection
packets
to
the
other,
the
other
guy
make
that
work,
that's
mode
one,
oh
two
is
make
that
way
more
efficient.
Oh
three
is
oh
account
for
slow
dancing,
for
example,
but
I
think
the
first
mode
is
the
simplest
mode.
Easy
to
test
would
be
like
the
one.
A
C
I
don't
know,
did
you
did
you
ever
stay
in
this
requirement?
Like
I
didn't
see
it
explicitly?
I
know
we've
written
about
it,
but
that
that
you
need
to
not
only
be
able
to
fail
and
and
the
other
device
take
over,
but
you
actually
need
to
be
able
to
resync
a
device
that
comes
back
online
or
a
new
device
either
way.
You
have
to
do
a
perfect
thing,
but
I
don't.
I
don't
know
if
I
saw
that
in
the
requirement.
C
So
it's
a
rethink,
a
a
new,
pure
or
rethink
the
fail
appliance
once
it
comes
back
online
right
still
because
it
didn't
software
upgrade
or
whatever,
but
you
have
to
rethink
it
so
that
what
we
call
in
the
paper
perfection
you
can
implement
it
any
way
you
want.
We
gave
an
example,
but
that
has
to
exist
otherwise,
you'd
never
be
able
to
come
back.
B
The
basic
scenario
here
is
that,
even
though,
for
example,
let's
say
there
are
two
pair
devices
right,
if
the
device
comes
back
online
and
receives
the
flows
right,
sometimes
we
do
not
want
as
soon
as
the
device
have
all
the
flow
ratings
to
instantly
advertising
pgp
and
the
example
scenario
here
is,
for
example,
let's
say
there
is
some
big
company
that
we
have
on
the
cloud
that
have
some
very
critical
business.
Let's
say:
there's
black
friday
right,
one
device
fade
over
right
and
and
they
they,
they
notice.
B
Some
like
connectivity,
droppers
kind
of
stuff
right,
and
they
will
tell
us
that
hey
if
you
need
to
service
the
device
back
explicitly
those
kind
of
stuff
right
do
this
outside
of
the
of
outside
of
our
hours
business
hours
right.
So
in
this
case
the
new
device
will
be
brought
online.
Will
single
the
flows
right,
but
we
may
decide
to,
for
example,
control
that
hey
start
advertising
the
bgp
after
we
undo
additional,
for
example,
health
checks
right,
which
means
that
the
help
model
on
our
side
is
more
complicated.
B
It's
not
only
that
two
device
are
in
full
sync
right,
so
so
each
device
basically
should,
in
my
opinion,
maybe
as
requirements
to
report,
something
like
a
sync
status
right.
Whether
for
example,
device
is
not
paired
where
the
or
device
is,
for
example,
right
now,
starting
pairing
devices,
singing
flows
or
the
devices
in
full
like
stable,
ready,
state
and
and
the
connections
kind
of
online
between
the
devices.
So
only
once
we
receive
the
device
is
full.
B
The
device
were
fully
appeared
back
and
then
device
fully
synchronized
all
the
flows
and
are
ready
to
kind
of
like
fully
take
over.
Only
then,
for
example,
we
will
check
some
additional
health
checks
and
then
issue
the
command
from
the
control
plane.
Saying:
okay,
you
can
start
advertising
bgp
and
handling
the
traffic
right.
So
we
need
to
have
a
manual
control
of
this
on
our
side
through
control,
plane.
C
And
that
even
the
manual
control
does
have
an
exception
that,
because
that's
a
valve
case
like
walmart
somebody
says
no,
no,
don't
touch
it.
Wait
till
the
hours
are
over,
but
during
that
time
the
the
the
appliance
that's
working
becomes
not
working.
Obviously
they
would
want
you
to
fail
over
so
the
so
so
the
the
good
case
would
be.
C
You
don't
fail
over
until
somebody
tells
you
to
because
you're
gonna
wait
for
the
window,
but
also
if
it
does
fail
completely,
then
obviously
you
want
the
other
one
to
take
over,
even
though
they
didn't
explicitly
say
that
because
then
they'd
be
out
right,
we
don't
want
that.
But
so
you,
you
almost
have
like
an
explicit
motive.
Saying
don't
fail
over
unless
there
is
a
true
failure
and
then
you're
waiting
for
some
operator
to
come
down
and
explicitly
say
to
fail,
but
so
it
can
be
as
complicated
as
that
right.
B
B
C
Yeah
little
state
machine
that
we
need
to
be
in
kind
of,
so
that
you
can
view
what
what
what
is
the
true
state
and
I
think,
waiting
for
well,
you
know
waiting
for
thinking
wednesday,
and
then
you
know
the
other
state
is
I
couldn't
wait?
You
know
I
can
feel
a
little
bit,
but
you
should
be
able
to
observe
that
if
that
would
ever
happen,
so
there
needs
to
be
a
little
state
machine
right.
B
Yeah
and
additionally
mention
is
that
we
want
to
have
a
have
ability
to
sync
the
flaws,
but
we
don't
want
you
guys
to
sink
the
config,
so
basically
config
will
be
providing
on
our
side.
So
basically
the
device
will
start
up,
let's
say
completely
new
right
and
we
will
provision
the
config.
So
you
guys
just
need
to
basically
see
the
flows
right.
B
It
will
provision
the
config,
and
this
is
one
of
the
reasons
why
we
need
to
manual
control,
because
even
if
the
flows
are
fully
sync,
but
let's
say
device
got
fully
rebooted
and,
let's
say
configure
loss
right.
We
still
need
to
have
acknowledgement
from
control
plane
that
we
fully
configure
the
device
correctly
with
all
the
correct
policies
which
are
up
today
before
allowing
to
bgp
to
be
fully
advertised.
A
So
I
want
to,
I
want
to
understand
a
little
bit
better
about,
let's
say
automatic,
failover
and
manual
failover.
I
don't
know
about
the
others,
but
I
didn't
really
get
the
difference
between
those
two
and
I
don't
before
moving
forward.
I
probably
would
need
to
understand
what
is
the
trigger
for
automatic.
B
A
B
Let's
say
we
actually
need
to
service
one
device,
let's
say
update
firmware,
and
this
cannot
be
up
there
by
ssu
and
and
kind
of
in
flight
right
so
kind
of
we
need
to
close
one
device.
Then
you
will
issue
that
okay
put
this
device
offline,
so,
basically
explicitly
you
need
to
have
ability
to
issue
the
command
to
the
device.
B
Let's
stop
advertising
the
wgp
vip
right,
make
sure
all
the
kind
of
connections
move
out
of
the
device
right
in
kind
of
gradual
natural
way
right
and
we
should
have
some
magic
to
figure
out
also
are
those.
Are
the
new
connections
still
coming
to
the
device
where
the
full
with
the
device
like
fully
shut
down?
Regards
to
all
the
flows
are
fully
synced,
this
kind
of
stuff,
and
then
we
will
turn
off
the
device
like
in
a
way.
Okay.
Now
we
can
service
it
right,
and
it's
kind
of
the
my
manual
fade
over
case.
B
B
It
will
start
seeing
the
flows,
we'll
basically
monitor
this
kind
of
status,
the
racing
status
and
when
the
status
fully
they
come
back
online
after,
for
example,
servicing
and
all
the
flows
are
kind
of
sync
right,
we'll
confirm
on
our
control
plane
additional
help
metrics,
including
the
staff,
have
we
programmed
the
latest,
the
latest
configuration
and
this
kind
of
stuff
right
and
then
you
will
say:
okay,
everything
is
fine.
All
the
kind
of
checkboxes
are
green,
now
advertise
bgp
again
on
this
device
and
make
this
device
fully
online.
B
So
this
is
the
differences
between
manual
feed
over
versus
there's,
explicit,
failover
right
or
sometimes
you
may
notice
that
let's
say
some
devices
behind
some
torque,
which
is
misbehaving
right
and
we
actually
need
to
potentially
remove
this
device
and
this
kind
of
this
manual
failover.
So
only
one
device
will
be
active,
for
example,
and
then
bring
up
different
pairing
device
behind
some
different,
or
this
would
be
the
manual.
A
A
B
True
from
the
point
of
view
of
the
control
plane
right,
so
the
control
plane
will
not
tell
anything
more
to
the
other
device.
The
control
plane,
basically
will
say:
okay
shut
out
this
device
and
and
like
primary
device,
let's
say,
and
the
primary
device
then
using
the
sync
protocol
we'll
need
to
communicate
it
like
hey,
I'm
shutting
down,
for
example,
but
but
the
question
is
like
doesn't
need
to
communicate
right
because
because
therapy
once
it
stops
advertising
the
vp
right,
then
basically
the
scene
anyway
happened
right.
B
So
it
just
needs
to
make
sure
that
this
device
completes
the
sync.
So
maybe
even
the
other
device
doesn't
need
to
know
from
from
the
other
device.
It
is
just
basically
we're
just
thinking
the
flow
in
one
direction
only
and
then
at
some
point.
Basically
we'll
stop
syncing
the
flow,
because
there's
no
new
connections
arriving
right
and
then
we
just
disconnect
so
the
other
device
may
think
about
the
devices
goes
disconnected.
Definitely
it
makes
sense
to
to
submit
to
this
like
h8
protocol.
B
B
B
So
basically
the
device
will
say:
hey,
I'm
basically
syncing
with
the
flow,
because,
basically
in
a
second
I
want
to,
for
example,
shut
down
myself
right
and
then,
when
the
device
come
back
online
right,
it
will
basically
re-establish
the
pairing
connectivity
with
the
other
device
right.
So
normally
open
the
port,
open
the
connection
and
then
say:
okay,
say:
okay,
I'm
just
new
device.
That's
back
online
pressing
me
back
the
flows
right,
yes
and
then,
and
then
so
this
should
be
inside
the
aha
protocol
right.
B
C
C
Yeah,
I
think
this
is
bgp
more
signaling,
where
you
can
you
both
have
as3
pre-pin
from
the
beginning,
but
when
the
other
device
takes
over,
it
becomes
a
shorter
it
advertises
without
aspen
or
with
less
aspen
becomes
the
preferred.
But
when
you
go
back,
you
advertise
again
the
same
ib
prefix
with
the
pre-panda
game.
That
way
you
can.
You
can
shift
all
topics
back
and
forth
through
bgp,
which
is
what
you
need
to
do
because
you
you've
said
I
I
want
you
to
now
take
over.
You
are
extinct.
You
did.
C
C
C
D
C
B
Yeah,
so
the
state
machine
and
control
pane
will
do
we'll
just
see
the
6000
and
we'll
say:
okay
start
with
the
ptp
right,
and
I'm
thinking
that
definitely
once
we
want
the
device
to
advertise
in
pcp.
The
device
should
also
communicate
to
the
other
pair
that
hey
I'm
advertising
bgp,
because
maybe
this
somehow
changes
the
internal
sync
protocols
kind
of
stuff.
So
so
I'm
not
quite
sure.
If,
basically,
the
sync
protocol
state
machine
will
somehow
rely
on
information
which
devices
advertising
bgp
right,
but
it
may
so.
B
F
C
No,
no
because
they're
in
sync
it
doesn't
know
it
doesn't
even
know
those
two
devices
that
the
the
flows
from
the
vm
will
just
magically
arrive
on
the
other
appliance.
It's
already
synced
up.
It
will
process
that
flow,
just
like
the
the
standby
or
the
primary,
either
way.
So
the
vm
doesn't
know
this.
It
has
no
idea,
it's
still
sending
sending
the
same
channel
information.
It
always
has.
It
doesn't
actually
know
where
it
lands.
It
doesn't
need
to
know
where
it
lands,
because
everything's
in
sync.
B
Yeah
vm
should
not
know
anything
that
that
happens
like
because,
like
right
now,
for
example,
the
tour
dice
right
vm
doesn't
know
because,
because
stores
are
just
like
somewhere
in
the
middle
right
and
and
the
same
with
this,
this
is
just
forwarding.
Appliances
like
in
the
middle
and
vm
should
know.
Vm
basically
says
traffic
to
the
to
the
vp.
It
doesn't
care
which
appliance
takes
care
of
the
vpn
from
the
point
of
view
of
availability,
the
vp
should
be
just
available
and
every
single
flow
should
be
working.
B
F
C
C
Exactly
yeah,
so
you
they're
just
sending
it
to
what
they
think
is
a
card,
for
example,
and
that
card
now
is
on
the
other
device.
It
doesn't
know
that
it
just
knows
it's
sent
it
to
a
bit
and
that
dip
is
used
to
be
on
this
appliance.
It
doesn't
know
that,
but
it
arrived
there
and
then
now
it's
arriving
somewhere
else
because
of
that
appliance
went
away,
it's
still
the
same
vip,
so
all
its
packets,
through
networking,
the
underlay
will
migrate.
C
The
primary
is
always
the
shortest
length,
but
it's
if
it's
not
there,
then.
Obviously,
the
secondary
is
the
shortest
one,
because
it's
the
only
thing
being
appetized,
but
once
the
primary
starts
re-advertising
the
shorter
length,
then
everything
will
migrate
back
to
the
primary
or
at
least
the
connections
that
were
going
for
that.
C
C
F
F
C
Remember
the
the
whatever
was
the
secondary
will
continue
to
process
any
packet
that
arrives
on
it
right,
and
it
will
continue
to
sync
that
dynamically,
with
the
other
side
pull
it
until
it
actually
has
handed
over.
It.
Doesn't
care
they're
both
they're.
Both
packets
could
arrive
on
either
one,
and
they
would
both
call
it
until
it's
in
the
state,
where
only
one
should.
A
Yeah,
which
brings
me
to
the
next
thing
that
I
think
we
need
to
focus
on,
because
up
till
now
we
were
only
discussing
this.
So
I
think
the
next
important
step
would
be
to
put
everything
on
the
paper
and
have
a
detailed
description,
maybe
with
the
diagrams
for
every
flow
that
that
we
can
think
of
and
how
we
from
from
control
plane
point
of
view
from
data
plane.
Point
of
view
how
we
see
them
working
before
we
actually
go
to
defining
the
protocol.
A
C
Yeah
without
doing
that,
you're
going
to
be
lost
because
everything
will
be
an
exception
later
on.
So
I
think
that
we
should
concentrate
on
you
know
what
are
the
requirements
for
the
state
machine.
Michael's
already
said
that
we
want
to
have
a
state
machine
that
doesn't
allow
the
automatic
sailback
until
told,
but
also
you
know,
if
it
still
fails,
then
obviously
we
want
it
to
fail
over
as
a
last
resort
and
all
that
needs
to
be
decided
by
the
state
mission.
C
So
I
think
the
requirements
should
be
against
like
the
state
that
you
should
be
able
to
support,
and
if
we
get
that
right,
then
we
can
start
moving
on
to
to
do
other
things,
because,
like
we
already
discussed,
we
don't
need
to
define
bvp.
We
just
need
to
define
a
state
that
that
tells
the
software
to
initiate
the
vpp.
A
C
C
D
E
E
So
I
showed
these
last
week,
but
I
didn't
have
the
third
appliance
c
and
down
below
I
added
a
plant.
The
third
switch-
and
I
believe,
michael
might
have
said
you
know
this
torsi
would
connect
to
the
t2
tiers.
So
if
I
can
just
get
a
little
clarification,
if
the
group
thinks
these
pictures
are
helpful,
we
can
merge
them
into
the
main
document.
B
B
So
so,
basically
the
pairing
appliances
would
be
farther
away,
because
sometimes
the
appliances
will
be
in,
like
the
the
the
other.
Basically
paired
appliance
may
not
be
able
to
basically
fit
physically
in
the
center
under
the
same
t1.
Okay.
So
so
it's
also
basically
in
principle,
because
that
the
original
diagram
was
showing
something
different.
The
original
diagram
was
showing
two
appliances
which
which
were
basically
cross
cross
wires
to
the
same
t0,
and
then
they
were
connecting
it
to
once.
B
That's
correct
right,
but
the
but
but
but
the
sync
process
was
not
between
those
kind
of
appliances.
The
same
process
will
be
most
likely
behind
their
plans
and
maybe
we
can
put
under
the
same
t1,
but
most
likely
there
will
be
they'll,
be
under
different
t1,
so
they
will
be
only
connected
with
t2,
so
so
just
small
changes.
I
think.
E
It
would
be
very
helpful
if
you
could
just
make
comments
on
that
pr
itself
and
then
I
can
adjust
the
diagram
and
then
we
can
look
at
it
one
more
time,
but
it'd
be
nice
just
to
move
this
along,
so
we
don't
have
pr's
floating
around,
so
anything
I
want
to
make.
I
would
really
appreciate
I'll
tweak
the
diagram
and
then
we
can
look
at
it
one
more
time.
E
C
B
C
So
I
think
what
you
need
to
do
is
to
draw
a
little
cloud
there,
because
we
don't
know
what
that
there's
no
direct
line
there
could
be,
but
there's
no
guarantee.
So
you
put
a
little
cloud
there
and
that
indicates
that
that
control
channel
is
going
over
a
network
yeah
it
doesn't.
It
doesn't
really
matter
how
big
the
network
could
be.
Big
could
be
small
could
be
direct
connect,
it's
a
network.
I
think
that
would
solve
that
mic
consume
yeah.
B
C
D
C
E
C
E
Well,
that's
what
the
pr
does
it's
just
the
same.
I
want
to
make
the
following
change,
so
I'm
adding
it
to
the
document
via
the
pr
okay,
so
you'll
do
that
now
everybody,
oh
I'll,
it'd,
be
nice
to
have
a
few
comments
in
there.
Just
so
I
don't
forget
details
and
then
I'll
update
the
document,
the
drawing
and
it
will
still
be
in
the
pr
and
then
we'll
say,
okay
approved.
E
F
C
No
three
note
is
like
a
perfect
example
that
the
the
the
primary
fails,
but
it's
permanently
filled,
it's
dead,
it's
broken
and
we
need
to
replace
it.
Well,
you
need
a
third
node
because
we're
going
to
repair
to
a
working
device
right,
so
the
third
node
is
important
to
have
there
because
for
that
to
occur,
you
have
to
do
a
perfect
thing.
For
example,
you
got
to
bring
it
up
from
nothing
and
and
so
there's
different
requirements
when
you
do
that,
so
the
the
third
node
is
not
active.
It's
it's!
You
go
to
that.
C
D
C
B
C
C
Well,
it
could
be
slightly
different.
We'd
have
to
look
at
that,
but
the
slightly
different
could
be
what
its
role
is
like,
whether
it
is
primary
or
secondary
or
whatever
I'm
not
sure
it
could
be.
That
going
back
is
the
same
as
but
the
the
difference
is.
Is
this
new
device
needs
to
be
totally
provisioned
from
scratch
like
the
old
device
could
go
like
all
of
those
cpus,
for
example,
could
go
down,
but
the
provisioning
is
still
there.
Then
the
whole
appliance
doesn't
need
to
be
reprovisioned.
C
It
may
be
just
a
software
update
to
the
to
the
actual
gpus
themselves,
whereas
a
new
appliance
it
would
be,
it
has
nothing.
It
has
no
knowledge
nothing
inside
of
it.
That
knows
anything
about
the
service.
So
that
could
be
just
like
one
example.
I
think.
For
the
most
part
they
would
be
the
same,
but
we
just
need
to
draw
it
so
that
we
don't
forget
that
that's
the
scenario
and
that
account
for
it,
and
we
don't
you
know
just
assume.
Oh
there's,
no
more
cases
there.