Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Maximum Throughput? - 1 GBit/s required

To: [email protected]
Subject: Re: [FW1] Maximum Throughput? - 1 GBit/s required
From: Cameron L Palmer <[email protected]>
Date: Tue, 14 Nov 2000 11:03:39 -0800
Cc: Peter Lukas <[email protected]>, "Chris 'Chipper' Chiapusio" <[email protected]>, Daniel Wirth <[email protected]>, "Checkpoint Mailingliste (E-Mail)" <[email protected]>
Organization: Seagate Technology
References: <[email protected]>
Sender: [email protected]

The multicast is part of the IGMP snooping protocol.  Correct?  I think Stonebeat
has a very elegant solution.  I also like the Stonebeat DNS Cluster.

[email protected] wrote:

> Peter,
>
> Your statements about StoneBeat FullCluster are misleading or erroneous.
>
> > Because the FullCluster method utilizes (rather improperly)
> > a multicast address to address multiple firewall devices, you
> > will never exceed the maximum throughput available on a given
> > interface.
>
> We do not "improperly" use multicast addresses. Our use of multicast MAC
> addresses follows Ethernet multicast standards.
>
> > For example, a 3-node cluster with 100Mbps Full-Duplex interfaces will
> > max out at 100Mbps (theoretical maximum).  Since traffic must be
> rebroadcast
> > to all interfaces in the cluster via the multicast address, all
> interfaces
>
> Multicast traffic is not "rebroadcast" to interfaces. It is the
> transmission
> of a single datagram to multiple interfaces at the same time. And any
> interface
> running at 100 Mbps full duplex will theoretically handle 200 Mbps, not 100
> Mbps.
>
> The traffic throughput through a firewall is not bottlenecked at the
> interface
> anyway, but by the firewall software, which performance is determined by
> the
> use of NAT, VPNs, number of rules, and other factors.
>
> > It would be possible to exceed the interface's capacity by utilizing
> > multiple interfaces (like an etherchannel configuration).  The stonebeat
> > HA software can be configured in a load-balancing configuration which may
>
> The StoneBeat HA software does not perform load balancing. It is a basic
> high
> availability or load sharing solution. StoneBeat FullCluster performs load
> balancing,
> and does so up to 16 nodes per cluster. FullCluster also supports the use
> of
> multiple cluster IP addresses, which would increase its potential
> throughput
> of the limitations you suggest. That's assuming someone wants to lose the
> transparency of the network device, and deal with the problems of a
> multiple
> IP environment and the complexity it introduces.
>
> ----------------------------------------------------------------
> Mark Boltz                                       Stonesoft, Inc.
> Network Security Specialist           115 Perimeter Center Place
> [email protected]              South Terraces, Suite 1000
> Tel:Atlanta, GA 30346
> Cel:USA
> Fax:http://www.stonesoft.com
>
> New support numbers!
> Toll free:> Other areas:>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- Re: [FW1] Maximum Throughput? - 1 GBit/s required
  - From: [email protected]

Prev by Date: Re: [FW1] Problem with Configuration
Next by Date: [FW1] User UNKNOWN in log
Previous by thread: Re: [FW1] Maximum Throughput? - 1 GBit/s required
Next by thread: Re: [FW1] Maximum Throughput? - 1 GBit/s required
Index(es):
- Date
- Thread