Re: [fw-wiz] Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . .



On Sun, 9 Apr 2006, Oliver Humpage wrote:

On 8/4/06 12:52 am, "David Lang" <dlang@xxxxxxxxxxxxxxxxxx> wrote:

5TB/day is a sustained 60MB/sec (1 1/2 DS-3's or so), given that you have
a lot of peaks it's reasonable to say that your peak traffic is 2-3x that
value. you are still talking about ~200Mb/sec of traffic.

Is that not 200MB/sec = 1600Mb/sec? I.e. you either need to load balance, or
get a box with >1Gbps ports in it?

If I did make the Bytes/bits mistake (not having the original message handy to check, I don't know) then the average traffic would be ~500mb/sec (min 4 OC-3 lines or 1 OC-12 line) with the peak being significantly higher than that.

if you are talking about 8+ OC-3 (2+ OC-12) lines then you either need to split the traffic to keep it well below 1Gb/sec for each set of boxes, or you are going to 10Gb ethernet.

just load balancing won't solve this as your routers would need >1Gbps ports on them (assuming that a setup this large will have the lines connected to different carriers and be running BGP for telco failover). but if you segment your address space to different interfaces on the routers then you can split things so that each interface (and therefore each firewall, and set of servers) doesn't need to exceed 1Gbps.

as for the need to load balance the firewalls, it is getting closer to the point of needing to, but checkpoint has quite a few boxes rated at 3-4Gbps (including that $30k Opteron-based sun I mentioned) so even discounting their ratings to real-world values you may not need to load balance yet.

it's actually far easier to troubleshoot multiple sets of boxes that are not load balanced than one (smaller) set of boxes that are.

David Lang

Oliver.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


--
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare
