Re: High Speed Firewalls

[woody weaver <woody () fullspeed com>]

A couple of points:

1.  (obligatory mathematical note from an ex math professor) The
rainwall actually scales sublinearly.  Each machine (tries to) talk to
every other machine, and there are election rules and etc.  That sort of
overhead increases as the square of the number of firewalls, and so at
some point, the complexity of that computation would start getting
significant. (end obligatory math note)

2.  Scaling requires a fair amount of network design -- creation of
"virtual IPs" to subdivide traffic flows.  This is relatively
straightforward for two or three firewalls, or if the geometry of the
environment suggests how to split the traffic, but to try to get tenfold
throughput would be a challenge, I think.

I think it is an *excellent* product for high availability and low
multiple load balancing.

--woody

On Thu, Mar 02, 2000 at 05:26:42AM -0600, Deane, James wrote:
> You might want to look at a product called RAINwall by Rainfinity
> (www.rainfinity.com).  RAIN stands for Redundant Array of Inexpensive Nodes
> (Inexpensive is, I guess, a relative term, especially when Checkpoint
> licensing costs get involved.)  They claim that it is a clustering solution
> for Checkpoint FW-1 which can scale linearly to any number of firewalled
> gateways.  Therefore, in an ideal situation, I guess you could cluster
> enough FW-1 boxes to accommodate this much traffic.  
>  
> HTH,
> Jim
>
> Disclaimer:  I'm not affiliated with Rainfinity in any way, we just use it
> here to cluster 2 FW-1 boxes.  For us, it pretty much works as advertised
> with two boxes.  (We aren't as concerned with performance as we are with
> availability, though.) 
>
>
> -----Original Message-----
> From: Henry Baez [mailto:hbaez () eos hitc com]
> Sent: Wednesday, March 01, 2000 9:51 AM
> To: firewall-wizards () nfr net
> Subject: High Speed Firewalls
>
>
> I am doing research on very high speed firewalls.  I mean firewalls that
[...]