Re: High Speed Firewalls

[Chenggong Charles Fan <fan () rainfinity com>]

I have a question regarding using load-balancers (such as F5, Alteon or
LocalDirector) for firewalls to achieve high performance and high
availability.  If the firewall sits on 3 subnets, it seems that you'll
need three pairs of load balancers (one for each subnet) to have a HA+LB
solution.  If you have more subnets, it's gonna be even more expensive. 
Is there any go-around for that?

Charles

"Woeltje, Donald" wrote:
> I'm sorry Rick, but it's not. When I priced BigIP, it was running over
> $50,000 (depending on the licensing, as I remember; it's been a couple
> years). At that same time, the Alteon ACESweitch 180 (with the ACElerate
> software) came in at between $17,000 and $18,000. And the ACESwitch
> performed 20 times faster, approximately. And it had all the same types of
> load balancing features. It also outperformed Cisco's Load Director (or, and
> I apologize to the group if I'm remembering the name a little incorrectly,
> Cisco's Local Director; again, it's been a couple years) by an even greater
> amount. Now, if I remember correctly, the Cisco solution was running in the
> low $20k's, almost price competitive with the Layer 4 switches on the market
> (including Alteon, which was the only Layer 4 switching product I tested).
> But in my mind there was just no comparison, overall. Why pay more for less
> when you can pay less for more?
>
> > -----Original Message-----
> > From: Rick Murphy [SMTP:rmurphy () mitretek org]
> > Sent: Thursday, March 02, 2000 7:15 AM
> > To:   Henry Baez; firewall-wizards () nfr net
> > Subject:      Re: High Speed Firewalls
> >
> > At 10:51 AM 3/1/00 -0500, Henry Baez wrote:
> > > I am doing research on very high speed firewalls.  I mean firewalls that
> > > are right now available that could handle OC3 and higher speeds via Gig
> > > Byte Etherenet cards.  In searching the recent posting of this list and
> > > a lot of general web searching, I have found only one firewall that
> > > claims they can do so.  It is call POTUS from a company called Livermore
> > > Software Laboratories.  I would very much like to find at lease another
> > > vendor which at lease matches the claim of PORTUS, 300 MB plus through
> > > put.  Management, bless them, likes to have choices, I would like to
> > > present more then one vendor if possiable.
> >
> > Since your requirement is for large bulk file transfers, I'd be wary - or
> > at least ask the vendor to let you validate their performance claims. If
> > I'm not mistaken, Portus uses a ftp proxy.  To get anything like 300 MB/s
> > through a proxy is going to use a really big hulking machine - especially
> > if you're talking a small number of FTP streams. Even 300 megabit/sec is
> > pretty unlikely unless it's a big box.
> > I agree with the other folks that using a filtering router is probably the
> >
> > lowest cost solution for you.
> >          -Rick