[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Maximum Throughput? - 1 GBit/s required
Because the FullCluster method utilizes (rather improperly) a multicast address to address multiple firewall devices, you will never exceed the maximum throughput available on a given interface. For example, a 3-node cluster with 100Mbps Full-Duplex interfaces will max out at 100Mbps (theoretical maximum). Since traffic must be rebroadcast to all interfaces in the cluster via the multicast address, all interfaces will receive the traffic, even though one node actually ends up processing it. It would be possible to exceed the interface's capacity by utilizing multiple interfaces (like an etherchannel configuration). The stonebeat HA software can be configured in a load-balancing configuration which may produce a desired result. Only 2 nodes could be used, though. Peter Lukas On Mon, 13 Nov 2000, Chris 'Chipper' Chiapusio wrote: > > > I intend to install a cluster (using StoneBeat FullCluster) that will need > to scale over 1Gb/s in the future. Based on the data on checkpoints site > (refrenced below) I have chosen to use Dual Xeon Linux boxes from VALinux. > I'll be starting with 4 FW's which theoreticly should be capable of over > 800Mb/s > > Choose a clustering technology that you are comfortable with, and a system > architecture and buy enough to handle your load +1. > > Chipper > > On Mon, 13 Nov 2000, Volker Tanger wrote: > > > > >Greetings! > > > >Daniel Wirth wrote: > > > >> for a project, we need to know the maximum throughput. Let's say we need 1 > >> GB/s per Node in a cluster. Is anyone experienced with such a bandwidth? > > > >> What kind of hardware is to be used? I think of a Sun Enterprise 450 with 4 > >> CPUs or one of those new UltraSparc III machines. > > > >As the filter module of Ckeckpoint's Firewall-1 runs in kernel-mode you won't > >benefit from multiple CPUs - except if you are using security servers or encryption. > > > >According to Ckeckpoint's performance brief > >(http://www.checkpoint.com/products/firewall-1/pbrief.html) it does not seem likely > >to reache the 1Gbit/s throughput you need. > > > >Bye > > Volker > > > > > > > >-- > > > >Volker Tanger <[email protected]> > >-------------------------------------------- > >Sr. Security Engineer Tel. +49-69-92901-570 > >-------------------------------------------- > >Global One > > Global Security > > Global Service Engineering > > > > > > > > > >================================================================================ > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > >================================================================================ > > > > ------ > Please encrypt anything important. > PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D > > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|