[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] FTP breaks with per packet load share
Hi all, I have a problem with our load sharing of our four T1 connections. We have four T1 connections going to our ISP. At each end they are connected to their respective CSUs and then to a Cisco router. Cisco literature describes two load sharing techniques for this arrangement: Per Packet and Per destination. Per packet causes each next packet to go to each next T1 (like around robin). A single connection through the routers configured this way can achieve the combined speed of the four connections (six megabit per second). The other technique causes all connections to a same destination to go via one circuit. The result of this configuration is that any one connection can only get the speed of one connection (1.5 megabits per second). Clearly the first system provides better performance for any but full peak load times. Sorry for this long explanation but now to the problem. When I use the per packet technique (and only then) FTP connections become nearly useless when the ALSO go through my firewall. The connections falter and then almost always fail. The Firewall is VPN-1 4.1 with floodgate-1. SP2, 4 and I believe 5 all exhibited this behavior. I can shut off floodgate and the problem does not go away. The FW is running on W2K by the way. FTP connections that DON'T go through my firewall work great. The only thing I can think happens to the FTP connection in this environment is there are a slightly larger number of out of sequence packets but counting this up by hand to confirm this would be a bear so I can't swear this happens. Anyone have any suggestions? I will be back in the office on 01-02-02 and we plan to switch the per per packet config and try to work it out. All suggestions appreciated. Thanks, Andy
================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|