Firewall Wizards mailing list archives

Re: Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . .


From: ArkanoiD <ark () eltex net>
Date: Mon, 10 Apr 2006 17:45:41 +0400

nuqneH,

Well, I guess it is a firewall to protect some kind of public server, that's
the only configuration where you need a truly scalable HA solution.

When it comes to protecting LANs it is better to have multiple branch firewalls.

Am I right?

(Again, my favorite rant: there are actually at least 3 completely different
device types, all of them called "firewalls", and they differ in functional
requirements and architecture. It leads to major misunderstanding.)

On Fri, Apr 07, 2006 at 01:20:48PM -0700, David Lang wrote:
On Tue, 4 Apr 2006, Keith A. Glass wrote:

. . . .Here's my situation:

We're currently spec'ing functional requirements for a new web-based 
implementation of a number of enterprise apps.  One obvious problem is the 
firewall system: it needs to be both load-balancing and high-availability, 
AND scalable.  We're still getting a feel for potential traffic, but we 
expect to have a requirement for in-line expansion of the system while 
remaining online.

high-availability is easy to understand the requirements for.

load-balancing is only a requirement from a marketing/management point of 
view unless you can define your third point

scalable. scalable to what? are you talking an Internet connection where
you have a need for multiple T-1 lines? multiple DS-3 lines? multiple 
OC-12 lines? or are you talking local networks where you have 100Mb 
ethernet? or gig ethernet? or 10gig ethernet? are you talking just a 
couple of these networks or are you talking about dozens of these 
networks?

as others noted load balancing is seldom needed for technical reasons,
and it's impossible to answer anything about scalability without knowing
what sort of scale you are talking about. In most cases a single
high-capacity box (plus HA backup) can easily handle the full load, and
the percentage of cases like this is growing as boxes get faster (which is
happening at a faster rate than the communications links)

sorry for the rant, but you managed to hit one of my current sore points
(I just got out of a meeting with an engineer who claimed that we couldn't
do something because of the huge load that it would cause, when that load
consisted of one extra network hop for one out of a hundred connections :-/
)

David Lang

-- 
There are two ways of constructing a software design. One way is to make it 
so simple that there are obviously no deficiencies. And the other way is to 
make it so complicated that there are no obvious deficiencies.
 -- C.A.R. Hoare

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards