Firewall Wizards mailing list archives
Re: High availability firewalls
From: "Peter J. Cherny" <peterc () luddite com au>
Date: Wed, 21 Jan 1998 23:20:04 -1000
At 10:00 20/01/98 -0500, Adam Shostack wrote:
You forgot the crossover links. Each firewall machine has 2 network interfaces per side (inside, outside, dmzside(?).) One interface on a side plugs into either hub, thus we get a crossbar architecture. It might also be worth looking at using a non star implementation, such as thinnet, to remove the hubs from the picture. Always struck me as a simpler solution, but couldn't sell my customers at the time on it. You do have the possibility of a transciever failure, but since those tend to be line powered, there is a lower chance of failure.
Apropos hubs/transceivers, it's been my practice to use UTP cross-over cables and multiple Quad Ethernet cards in the various SUNs that I use as routers/firewalls. The per port cost of the cards is relatively low and is zero-sum since you don't have to buy any hubs. (You can have a total of 13 ports in a SS1/2/5 etc.). The extra reliability gained by eliminating hubs is a major plus, and easily allows various meshes to increase resilience. pjc
Current thread:
- High availability firewalls Jyri Kaljundi (Jan 19)
- Re: High availability firewalls Randy.Witlicki. (Jan 19)
- Re: High availability firewalls Roger Nebel (Jan 20)
- Re: High availability firewalls Billy Smith (Jan 20)
- Re: High availability firewalls Adam Shostack (Jan 20)
- Re: High availability firewalls Peter J. Cherny (Jan 21)
- Re: High availability firewalls chuck (Jan 20)
- Re: High availability firewalls Allen Todd (Jan 21)
- Re: High availability firewalls Jyri Kaljundi (Jan 22)
- Re: High availability firewalls Allen Todd (Jan 21)
- <Possible follow-ups>
- RE: High availability firewalls Gary Crumrine (Jan 20)
- RE: High availability firewalls Stefan Jon Silverman (Jan 21)
- RE: High availability firewalls Stout, William (Jan 21)
- Re: High availability firewalls Allen Todd (Jan 22)
- Re: High availability firewalls Randy.Witlicki. (Jan 19)