RE: [fw-wiz] Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . .



-----Original Message-----
From: David Lang [mailto:dlang@xxxxxxxxxxxxxxxxxx]
Sent: Friday, April 07, 2006 4:21 PM
To: Keith A. Glass
Cc: firewall-wizards@xxxxxxxxxxxxxxxxxx
Subject: Re: [fw-wiz] Info Request: Looking for alternatives in HA/Load
balancing firewallsthat are also scalable and modular. . .

On Tue, 4 Apr 2006, Keith A. Glass wrote:

. . . .Here's my situation:

We're currently spec'ing functional requirements for a new web-based
implementation of a number of enterprise apps. One obvious problem is
the firewall system: it needs to be both load-balancing and high-
availability, AND scalable. We're still getting a feel for potential
traffic, but we expect to have a requirement for in-line expansion of the

system while remaining online.

high-availability is easy to understand the requirements for.

load-balancing is only a requirement from a marketing/management point of
view unless you can define your third point

Customer wants it. Pretty much non-negotiable point. . .

scalable. scaleable to what? are you talking an Internet connection where
you have a need for multiple T-1 lines? multiple DS-3 lines? multiple
OC-12 lines? or are you talking local networks where you have 100Mb
ethernet? or gig ethernet? or 10gig ethernet? are you talking just a
couple of these networks or are you talking about dozens of these
networks?

We have initial estimates of 300-500 GB/day in SMTP traffic alone, due to an
application that typically sends data in via SMTP in 2MB bundles. But they
ALSO want to up the resolution of the graphics inside the bundles, so we've
been told to expect an order of magnitude jump about the time we start
implementing in the 2008-2009 timeframe. And the data will tend to peak and
valley a lot. . . So, realistically, we're talking an initial traffic of 3-5
TB/day in SMTP alone.

We have multiple OC's coming in, bandwidth isn't the immediate worry, it's
throughput. . .

sorry for the rant, but you managed to hit one of my current sore points
(I just got out of a meeting with an engineer who claimed that we couldn't
do something becouse of the huge load that it would cause, when that load
consisted of one extra network hop for one out of hundred connections :-/

No biggie. We're literally just starting to do the requirements analysis,
but we also want to talk to vendors in the fairly near future to get a feel
for what they have coming down the line. . .

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.3.5/303 - Release Date: 4/6/2006


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • RE: [fw-wiz] Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also
    ... you have a need for multiple T-1 lines? ... couple of these networks or are you talking about dozens of these ... a lot of peaks it's reasonable to say that your peak traffic is 2-3x that value. ... Even with that you should keep in mind that Internet use imposes a latency overhead, so you shouldn't let people get worked up about small latencies within your network or your firewalls. ...
    (Firewall-Wizards)
  • Re: Golden Oak - Day 2 of 6
    ... to program entertainment, lighting or security ... switched wired networks were capable of handling multiple HD video streams. ... Most wifi systems couldn't reliably handle one HD stream. ...
    (rec.arts.disney.parks)
  • Re: [opensuse] Multiple Network Card Problem on openSUSE 10.3
    ... I have configured multiple interfaces on the same ... I commonly do this on my laptop where I have to plug into different networks ... multiple IP's for the same interface (all on different subnets) helps to ... multiple host names with dns entries pointing to the same IP address, ...
    (SuSE)
  • Re: [fw-wiz] Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also
    ... are you talking an Internet connection where you have a need for multiple T-1 lines? ... or are you talking local networks where you have 100Mb ethernet? ... are you talking just a couple of these networks or are you talking about dozens of these networks? ... as others noted load balanceing is seldom needed for technical reasons, and it's impossible to answer anything about scalability without knowing what sort of scale you are talking about. ...
    (Firewall-Wizards)