Re: [fw-wiz] Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . .



On Tue, 4 Apr 2006, Keith A. Glass wrote:

. . . .Here's my situation:

We're currently spec'ing functional requirements for a new web-based implementation of a number of enterprise apps. One obvious problem is the firewall system: it needs to be both load-balancing and high-availability, AND scalable. We're still getting a feel for potential traffic, but we expect to have a requirement for in-line expansion of the system while remaining online.

high-availability is easy to understand the requirements for.

load-balancing is only a requirement from a marketing/management point of view unless you can define your third point

scalable. scalable to what? are you talking an Internet connection where you have a need for multiple T-1 lines? multiple DS-3 lines? multiple OC-12 lines? or are you talking local networks where you have 100Mb ethernet? or gig ethernet? or 10gig ethernet? are you talking just a couple of these networks or are you talking about dozens of these networks?

as others noted, load balancing is seldom needed for technical reasons, and it's impossible to answer anything about scalability without knowing what sort of scale you are talking about. In most cases a single high-capacity box (plus HA backup) can easily handle the full load, and the percentage of cases like this is growing as boxes get faster (which is happening at a faster rate than the communications links)

sorry for the rant, but you managed to hit one of my current sore points (I just got out of a meeting with an engineer who claimed that we couldn't do something because of the huge load that it would cause, when that load consisted of one extra network hop for one out of a hundred connections :-/ )

David Lang

--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


