Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Maximum Throughput? - 1 GBit/s required

To: Peter Lukas <[email protected]>
Subject: Re: [FW1] Maximum Throughput? - 1 GBit/s required
From: [email protected]
Date: Tue, 14 Nov 2000 12:45:14 -0500
Cc: "Chris 'Chipper' Chiapusio" <[email protected]>, Daniel Wirth <[email protected]>, "Checkpoint Mailingliste (E-Mail)" <[email protected]>
Sender: [email protected]



Peter,

Your statements about StoneBeat FullCluster are misleading or erroneous.

> Because the FullCluster method utilizes (rather improperly)
> a multicast address to address multiple firewall devices, you
> will never exceed the maximum throughput available on a given
> interface.

We do not "improperly" use multicast addresses. Our use of multicast MAC
addresses follows Ethernet multicast standards.

> For example, a 3-node cluster with 100Mbps Full-Duplex interfaces will
> max out at 100Mbps (theoretical maximum).  Since traffic must be
rebroadcast
> to all interfaces in the cluster via the multicast address, all
interfaces

Multicast traffic is not "rebroadcast" to interfaces. It is the
transmission
of a single datagram to multiple interfaces at the same time. And any
interface
running at 100 Mbps full duplex will theoretically handle 200 Mbps, not 100
Mbps.

The traffic throughput through a firewall is not bottlenecked at the
interface
anyway, but by the firewall software, which performance is determined by
the
use of NAT, VPNs, number of rules, and other factors.

> It would be possible to exceed the interface's capacity by utilizing
> multiple interfaces (like an etherchannel configuration).  The stonebeat
> HA software can be configured in a load-balancing configuration which may

The StoneBeat HA software does not perform load balancing. It is a basic
high
availability or load sharing solution. StoneBeat FullCluster performs load
balancing,
and does so up to 16 nodes per cluster. FullCluster also supports the use
of
multiple cluster IP addresses, which would increase its potential
throughput
of the limitations you suggest. That's assuming someone wants to lose the
transparency of the network device, and deal with the problems of a
multiple
IP environment and the complexity it introduces.

----------------------------------------------------------------
Mark Boltz                                       Stonesoft, Inc.
Network Security Specialist           115 Perimeter Center Place
[email protected]              South Terraces, Suite 1000
Tel:Atlanta, GA 30346
Cel:USA
Fax:http://www.stonesoft.com


New support numbers!
Toll free:Other areas:================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] Maximum Throughput? - 1 GBit/s required
  - From: Peter Lukas <[email protected]>
- Re: [FW1] Maximum Throughput? - 1 GBit/s required
  - From: Cameron L Palmer <[email protected]>

Prev by Date: [FW1] RE: Patches for CPF1 SP2
Next by Date: [FW1] "deauthorize" message in log file
Previous by thread: Re: [FW1] Maximum Throughput? - 1 GBit/s required
Next by thread: Re: [FW1] Maximum Throughput? - 1 GBit/s required
Index(es):
- Date
- Thread