NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] High Availability

  • To: [email protected]
  • Subject: Re: [FW-1] High Availability
  • From: Steve McNutt <[email protected]>
  • Date: Thu, 18 Apr 2002 09:47:12 -0400
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcHm2UogPIwXYNBGT4a0hgoq5V3xfwAA9LCg
  • Thread-topic: Re: [FW-1] High Availability
As chance would have it, i've never personally encountered a situation where I thought the best design solution would involve load balanced firewalls.

That kind of setup would make sense to me if the traffic was many to many, as in five thousand users heavily accessing the web, or possibly an ASP hosting servers for a large number of companies.

Every case I have been involved in where LB was desired, it involved many to few, as in server farm front ends, where you want to optimally spread the load between the servers, possibly in multiple locations, in addition to providing HA.  In these situations I have preferred to utilize dedicated outboard gear, like F5 Big IPs or Foundry Server Irons.

To me it's an issue of flexibility.  By seperating the functions into discreet elements, you have more design options, more scalability, and making changes to equipment configurations is a little less risky, as the impact of a problem is more isolated.

BTW, I had heard nothing but good things about rainwall.  Never had a chance to play with it though.

-----Original Message-----
From: Joe Pampel [mailto:[email protected]]
Sent: Thursday, April 18, 2002 8:38 AM
To: [email protected]
Subject: Re: [FW-1] High Availability


Nothing against the other solutions, just wanted to pipe in and say we've had a
great time with Rainwall.  *Very* simple to set up, works great and does HA & LB out
of the box. You can tweak it pretty easily for asym traffic too if your FW boxes have
different abilities, or do one inbound, one outbound.. that sort of thing. Worth looking
at if you're examining going to a HA setup.  - JP

>>> James Schnack <[email protected]> 04/12/02 10:04AM >>>
I agree with Steve on this one.

I have a bit of experience with Nokia's VRRP solution, and it works "as
advertised"...  ;)  I definately recommend it, although you should keep in
mind that it is NOT a load balancing solution, just HA. (There's a way to do
a bit of load-balancing by configuring multiple virtual routers, but it's
more like a workaround...)

As for SB (it provides both HA and LB), my experience is more limited, but
the little I have interacted with SB support, I got the same feeling Steve
did. Coincidence ? Maybe...

Just my thoughts.

James


>From: Steve McNutt <[email protected]>
>Reply-To: Mailing list for discussion of Firewall-1
><[email protected]>
>To: [email protected]
>Subject: Re: [FW-1] High Availability
>Date: Thu, 11 Apr 2002 23:32:05 -0400
>
>Well, I suspect you will get a veritable flood of replies on this one :-)
>
>The two HA solutions with FW-1 that I have experience with are Stonebeat
>Full cluster and the Nokia solution.
>
>The stonebeat setup I worked with used sun E250 enforcement servers with
>gig E interfaces and a ultra 10 for a management server
>
>I've done numerous setups with nokia boxes using IP 330's and 440's with a
>variety of interfaces.
>
>The stonbeat was a pain in the a$$, and product support seemed more
>interested in deflecting blame and making excuses than working the
>problems.  I walked away with a bad taste in my mouth.
>
>The Nokia solution works beautifully.  very easy to configure, maintain,
>and administer.  Only drawback is failover can take a couple of seconds.
>If you require subsecond failover, it's not a good choice.
>
>I cannot comment on rainwall or other solutions, as I have not implemnented
>and/or supported them.
>
>Have a good one.
>
>
>Steven McNutt, CCIE #6495, CCSE #6224, MCSE
>President
>LightningCloud Technologies
>bus:>cel:>[email protected]
>
>-----Original Message-----
>From: Arvanitis, Steve [mailto:[email protected]]
>Sent: Thursday, April 11, 2002 4:11 PM
>To: [email protected]
>Subject: [FW-1] High Availability
>
>
>I am looking at a clustering or load balancing solution for my environment.
>  Does anybody have any suggestions on what I should look at?  I am
>presently looking at RainWall and Checkpoints High Availability module.
>
>Thanks
>Steve
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================




_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.