[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Maximum Throughput? - 1 GBit/s required
The multicast is part of the IGMP snooping protocol. Correct? I think Stonebeat has a very elegant solution. I also like the Stonebeat DNS Cluster. [email protected] wrote: > Peter, > > Your statements about StoneBeat FullCluster are misleading or erroneous. > > > Because the FullCluster method utilizes (rather improperly) > > a multicast address to address multiple firewall devices, you > > will never exceed the maximum throughput available on a given > > interface. > > We do not "improperly" use multicast addresses. Our use of multicast MAC > addresses follows Ethernet multicast standards. > > > For example, a 3-node cluster with 100Mbps Full-Duplex interfaces will > > max out at 100Mbps (theoretical maximum). Since traffic must be > rebroadcast > > to all interfaces in the cluster via the multicast address, all > interfaces > > Multicast traffic is not "rebroadcast" to interfaces. It is the > transmission > of a single datagram to multiple interfaces at the same time. And any > interface > running at 100 Mbps full duplex will theoretically handle 200 Mbps, not 100 > Mbps. > > The traffic throughput through a firewall is not bottlenecked at the > interface > anyway, but by the firewall software, which performance is determined by > the > use of NAT, VPNs, number of rules, and other factors. > > > It would be possible to exceed the interface's capacity by utilizing > > multiple interfaces (like an etherchannel configuration). The stonebeat > > HA software can be configured in a load-balancing configuration which may > > The StoneBeat HA software does not perform load balancing. It is a basic > high > availability or load sharing solution. StoneBeat FullCluster performs load > balancing, > and does so up to 16 nodes per cluster. FullCluster also supports the use > of > multiple cluster IP addresses, which would increase its potential > throughput > of the limitations you suggest. That's assuming someone wants to lose the > transparency of the network device, and deal with the problems of a > multiple > IP environment and the complexity it introduces. > > ---------------------------------------------------------------- > Mark Boltz Stonesoft, Inc. > Network Security Specialist 115 Perimeter Center Place > [email protected] South Terraces, Suite 1000 > Tel:Atlanta, GA 30346 > Cel:USA > Fax:http://www.stonesoft.com > > New support numbers! > Toll free:> Other areas:> > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|