Firewall Wizards mailing list archives
Re: RE: Firewall-1 platforms
From: hermit1 <hermits () mac com>
Date: Fri, 09 Mar 2001 09:15:02 -0800
As far as I know, Nokia does not do load balancing. It can do load sharing. (Ask me for details in 2 months after I implement it.) This can be done by pointing half the internal machines to one machine and the rest of the internal hosts to the other Nokia. Pretty crude.
What I expect to do is use OSPF. Basic explanation is that the routers on each side of the firewalls do a hash on the source/destination IP addresses for every packet and allocate the connection to one machine or the other based on the result. Better make sure both routers are using the same hash :-) or you get assymetric traffic.
hermit1 At 12:24 PM 3/8/01 -0500, Barney Wolff wrote:
Nokia may or may not support load balancing, but as I read VRRP, load-balancing support is very primitive - you get to manually configure the default-router IP addresses on the hosts behind the firewall. I have no live experience with Stonebeat, but I believe the advertised load-balancing support is fancier. Barney Wolff On Tue, Mar 06, 2001 at 07:46:53PM -0600, shawn . moyer wrote: > "Kalat, Andrew (ISS Atlanta)" wrote: >> > Indeed, VRRP is pretty cool. As fail over goes, I agree, it's pretty > > easy and elegant. I might have misspoke though. I was referring to not just> > fail over, but actual true load balancing, where both boxes are passing> > traffic, rather than having one in hot standby waiting for a failure. Do you> > know of a way to do that with Nokia? That would indeed rock... > > Yeah, actually. VRRP does share load, it's part of the spec, in fact. > Been awhile since I've done it, but I believe you configure a weight for > each IP in relation to the shared Virtual IP (VIP) and traffic is shared > across via that weight metric. > > At the employer where we did this we had four Nokia boxes sharing load > for 150Mbps of traffic (each box basically was assigned 25% of the > load), and it was part of our standard configuration do two Nokia's load > sharing 50% each. > > http://www.networksorcery.com/enp/protocol/vrrp.htm > > http://www.networksorcery.com/enp/rfc/rfc2338.txt _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: RE: Firewall-1 platforms, (continued)
- RE: RE: Firewall-1 platforms Joe Ippolito (Mar 07)
- RE: RE: Firewall-1 platforms Chuck Fasching (Mar 07)
- RE: RE: Firewall-1 platforms Kalat, Andrew (ISS Atlanta) (Mar 07)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 07)
- Re: RE: Firewall-1 platforms Barney Wolff (Mar 09)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 09)
- Re: RE: Firewall-1 platforms Barney Wolff (Mar 09)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 09)
- Re: RE: Firewall-1 platforms Barney Wolff (Mar 09)
- Message not available
- Re: Firewall-1 platforms (end of thread, I hope.) shawn . moyer (Mar 09)
- Re: RE: Firewall-1 platforms shawn . moyer (Mar 07)
- Re: RE: Firewall-1 platforms hermit1 (Mar 10)
- Re: RE: Firewall-1 platforms hesselsp (Mar 09)