|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] RE: Rainwall-E vs StoneBeat FullCluster
Hello again, Sorry to perpetuate the thread, but before letting the topic rest I must respond to a few points made by Mark Boltz of StoneSoft in his post this morning: He wrote, "Mr. Decker made it known in some personal correspondence that the Web site is undergoing revision, and so 1.5 should be available soon.". Even though our website needs updating, Rainwall 1.5 is available for purchase today, and anyone may download software for Rainwall v1.5 on Solaris, including the user manual, from the Check Point OPSEC partner page at http://www.checkpoint.com/opsec/partners/rainfinity_e.html. To obtain a 30-day evaluation license key, send your contact information to [email protected]. He then asked, "If their approach to load balancing and clustering is a viable solution, then why does Mr. Decker make a point that Rainwall 1.5 '...adds a Single-IP option for those who want it'?" Viability of the Multiple-VIP approach is not an issue; it has been proven by satisfied customers worldwide. We added this option purely for the convenience of our customers. With network clustering, as in all things, there is a tradeoff between simplicity/convenience and power/flexibility. A Multiple-VIP configuration is much more flexible and scalable than a Single-IP setup, but it does require planning and forethought prior to deployment. Our Single-IP option is for people who want to do a quick drop-in deployment initially to address their immediate HA needs, and then migrate at their leisure to a more advanced Multiple-VIP configuration to allow better scalability. Rainfinity now gives customers the best of both worlds: a choice of Single-IP or Multiple-VIP, while our competitors offer only the less-scalable approach. StoneSoft also said, "Multicast is NOT duplicate packets, one to each interface...it is the efficient transmission of the same packet to multiple interfaces simultaneously". A fine piece of hairsplitting, but irrelevant to my original point. Semantics aside, with the Single-MAC approach, every packet intended for the firewall is still sent to every node in the cluster, and every machine must receive the packet, open it, and figure out whether to pass it up to FW-1 or throw it away. In a ten-node cluster, each machine is making this decision for its own packets plus all the packets of all 9 of its neighbors. If firewall load is balanced evenly across all ten nodes, each node is needlessly examining and discarding 90% of the traffic it receives. My point was that Rainwall does not suffer from this overhead, and that is one of the reasons Rainwall can scale performance linearly. Mr. Boltz claims superior load-balancing because "we balance connections, not IPs". He neglects to mention that Rainwall 1.5 offers BOTH coarse-grained per-VIP load balancing and fine-grained per-connection load balancing. So again, Rainfinity offers a choice, where our competitor does not. Finally, he wrote, "If you need 600 Mbps through a cluster, then you need Gigabit Ethernet anyway". Some customers may want GigE for other reasons, but this statement is not necessarily true for all. RAIN clustering allows such speeds using inexpensive Fast Ethernet hardware. Has anyone priced out GigE NICs, GigE switches, and GigE router interfaces lately? Compare the total hardware cost of a 300Mbps-capable Multiple-VIP design to the cost of a 300Mbps-capable Single-MAC design, and your choice becomes obvious. Regarding gratuitous ARP, our customers have not found it to be a significant issue, but if anyone has specific questions, feel free to email me at the address below. We are also preparing a technology white paper that specifically compares Single-MAC vs. Multiple-VIP in detail. It will eventually be posted on our website, but if you'd like to receive an advance copy, email me directly. There is also a white paper describing our next-generation clustering technology and VIPs in general at http://www.rainfinity.com/products/rain_tech.shtml. Best regards, Mark L. Decker [email protected] www.rainfinity.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
