[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Rainwall-E vs StoneBeat FullCluster
Tom & Scott, OK, if you insist. First, let's establish how these products are similar: Both allow you to cluster together up to 16 firewall machines (nodes). Both are intended to provide High-Availability and Load Balancing. Both are available for FW-1 on Solaris, NT, or Linux. Both are sold as "software only" solutions (although StoneBeat requires additional HW). Now, how they are different: Architecturally, the two products are as different as night and day. StoneBeat achieves clustering at Layer 2, by cheating the rules of Ethernet to allow more than one machine to have the same MAC address. Rainwall achieves clustering at Layer 3, by creating a pool of Virtual IP addresses (VIPs) that float dynamically among nodes in the cluster. With Rainwall, each machine still has its own unique, legal MAC address. This difference has profound performance implications. To illustrate the performance difference, let's compare a 4-node Rainwall-E Cluster with a 4-node StoneBeat FullCluster. In this scenario, let's say you're running FireWall-1 with a typical rulebase on a typical Sun Solaris box using typical Fast Ethernet NICs. The Rainwall cluster is going to give you somewhere around 300-350Mbps of throughput, depending on CPU speed and policies. The StoneBeat cluster is going to give you less than 100Mpbs of throughput. Let's say you then add 4 more nodes to each cluster. The Rainwall cluster now delivers more than 600Mbps, while the StoneBeat cluster is still grinding along at less than 100Mbps. Why isn't the StoneBeat cluster getting any faster? That's a very good question. The answer is that StoneBeat is crippled by their Layer 2 clustering technology. Because StoneBeat uses a single-MAC approach, their solution is not compatible with LAN switches, and can't take advantage of the benefits of switching. And, when all machines share the same MAC address, all machines must receive and process all packets. That means high overhead. The actual speed of a single-MAC cluster will never exceed the speed of a single NIC. You could have 16 nodes in a FullCluster, and still get less than 100Mbps of throughput. Actually, 100Mbps is not really achievable, because you must subtract all that LAN overhead. Rainwall, on the other hand, scales elegantly and linearly. Every time you add a Rainwall node, you add capacity and throughput with minimal overhead. Other differences: -Rainwall-E does not require a dedicated 'heartbeat LAN'. To avoid single points of failure in a StoneBeat cluster, you must add two NICs to each firewall and hook them up to two separate, dedicated hubs, just to support cluster management traffic. -Rainwall-E is OPSEC-certified for Load-Balancing including VPN-1; StoneBeat FullCluster isn't. -Rainwall-E list price is around $6,000 less than StoneBeat FullCluster in a 4-node configuration. When you add cost of additional hardware for heartbeat LANs, StoneBeat gets even more expensive. -Rainwall-E is easy to install. We add only 4 rules to the firewall and 2 commands to the router. Rainwall requires no installation of NICs or tweaking of MAC addresses, and licensing is not bound to IP addresses. Anyone who has installed StoneBeat before will know why these are issues. Apologies for the rant, but I just think we've got way cooler technology, and can't help bragging about it. Comments welcome. Mark L. Decker Rainfinity [email protected] Message----- From: [email protected] [mailto:[email protected]] Sent: Saturday, September 23, 2000 8:19 PM To: [email protected]; [email protected] Cc: [email protected] Subject: [fw1] please! Please, offend! I would like to find out more about both products! I have worked with both on several occasions and like both for different reasons! This is a cp list, Lets debate! You've got several 100/1000 engineers out there listening! State your cases! Thomas Poole -----Original Message----- From: Mark Decker [mailto:[email protected]] Sent: Friday, September 22, 2000 5:37 PM To: Scott Schindler Cc: [email protected] Subject: RE: [FW1] Why choose Nokia? Here's why. Scott, I'd love to debate at length why Rainwall is superior to StoneBeat, but don't want to offend by shamelessly promoting our product on this list. Suffice it to say, that in my personal opinion, when it comes to ease-of-installation, performance, scalability, and cost, Rainwall-E beats the other choices hands-down. I think these factors explain the surge in popularity of Rainwall. We're always ready to be compared side-by-side with StoneBeat. However, Mark Boltz and I are each inevitably biased toward the solution that feeds our respective families. If folks are interested in this topic, may I suggest a new SB vs. RW thread, where users who've looked at both can share their experiences? Mark and I can jump in where appropriate to respond to questions or provide technical information. Mark L. Decker Rainfinity [email protected]==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|