Firewall Wizards mailing list archives
RE: Speeds and feeds
From: "Andrew J. Luca" <andrewluca () mediaone net>
Date: Sun, 7 Jun 1998 12:01:07 -0400
I want to point out that the issues that I presented are based in reality as implemented by companies who can not (read lose millions of dollars per hour or minute) tolerate down time - ever. We ran multi-user UNIX systems like they were mainframes with target annual downtimes approaching zero (99.97%). We achieved those numbers for six years running - the entire lifetime of my organization at that company.

You may not agree with running dynamic routing protocols on a firewall - and in most cases I do not either - however, firewalls will not scale to support electronic business in their current incarnation. What is missing today is an additional layer of fault tolerance and redundancy. The first of these layers comes from a software (or possibly hardware) high availability package. This brings a large gain of availability to the picture. However, without some type of dynamic fail-over for the network links (again, I point out that this is your weakest link) you still can't guarantee the highest levels of availability. I would assert that with proper controls implemented, it is possible to run a dynamic protocol on a firewall with little to no additional risk. The problem with dynamic routing protocols comes from using simple protocols (like RIP) without proper controls. Running a more configurable protocol (like OSPF) with controls in front of the firewall (like filtering routers) and control over the routing package (like a stripped gated) provides this.

Your solutions for multiplexing DS-1's will scale to any size that you can reasonably imagine. After all, DS-3's are simply lots of DS-1's multiplexed together! Your only limit is the number of interfaces that your router has. Since this has taken such a theoretical bent, I would argue that this could be any number. (Not a practical number, though ;-))

Looking into a capped (or channelized or whatever) type of DS-3 can be a good choice for a company. The time that you spend installing 2 Mbps worth of bandwidth today just to upgrade to 4 or 6 nine months from now can be more expensive than the additional costs. Many providers in metro areas today are pushing clients to consider channelized DS-3 capacity as a way to justify local loop upgrades. A DS-3 implementation that I looked at four months ago for two DS-1's vs. a 4Mbps DS-3 put the DS-3 solution far ahead of the DS-1's. You need to consider what you could potentially do with the remaining bandwidth of the DS-3 before making a decision like that. You can let the telco channelize the DS-3 for you and only take the segment that you need. I bet that they have a use for the extra bandwidth even if you don't. This, of course, would not apply if you lived in Wyoming. But, then I already stated that we were talking about metro areas.

Also, from experience, the big providers are the only way to ensure that a large company is always connected to the Internet. The mom & pop shops are drying up these days. The big guys are the only ones that have enough survivability to ensure that they can meet demanding SLA's. If you think that any type of significant electronic commerce will take off without this, you are dead wrong. There are few if any large scale implementations of true electronic commerce today. (The idea that electronic commerce is sending your credit card over the Internet is silly - we never argued that calling L.L. Bean with our credit card was telephony commerce!) One of the biggest fears in corporate America is whether electronic commerce can actually support a business - that means in every aspect of the model not just in one area.

-Drew