Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] FTP breaks with per packet load share

To: [email protected]
Subject: [FW-1] FTP breaks with per packet load share
From: Andy Druda <[email protected]>
Date: Sun, 23 Dec 2001 15:41:51 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi all,

I have a problem with our load sharing of our four T1 connections.  We have
four T1 connections going to our ISP.  At each end they are connected to
their respective CSUs and then to a Cisco router.  Cisco literature
describes two load sharing techniques for this arrangement: Per Packet and
Per destination.  Per packet causes each next packet to go to each next T1
(like around robin).  A single connection through the routers configured
this way can achieve the combined speed of the four connections (six
megabit per second).  The other technique causes all connections to a same
destination to go via one circuit.  The result of this configuration is
that any one connection can only get the speed of one connection (1.5
megabits per second).  Clearly the first system provides better performance
for any but full peak load times.

Sorry for this long explanation but now to the problem.  When I use the per
packet technique (and only then) FTP connections become nearly useless when
the ALSO go through my firewall.  The connections falter and then almost
always fail.  The Firewall is VPN-1 4.1 with floodgate-1.  SP2, 4 and I
believe 5 all exhibited this behavior.  I can shut off floodgate and the
problem does not go away.  The FW is running on W2K by the way.  FTP
connections that DON'T go through my firewall work great.

The only thing I can think happens to the FTP connection in this
environment is there are a slightly larger number of out of sequence
packets but counting this up by hand to confirm this would be a bear so I
can't swear this happens.

Anyone have any suggestions?  I will be back in the office on 01-02-02  and
we plan to switch the per per packet config and try to work it out.  All
suggestions appreciated.

Thanks,

Andy


Andy Druda
Network and Communications Manager
Wagner College
Staten Island, New York

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] VRRP Document
Next by Date: [FW-1] Problems installing SR in windows XP
Previous by thread: Re: [FW-1] VRRP Document
Next by thread: [FW-1] Problems installing SR in windows XP
Index(es):
- Date
- Thread