Firewall Wizards mailing list archives
RE: Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . .
From: David Lang <dlang () digitalinsight com>
Date: Fri, 7 Apr 2006 16:52:36 -0700 (PDT)
On Fri, 7 Apr 2006, Keith A. Glass wrote:
scalable. scaleable to what? are you talking an Internet connection where you have a need for multiple T-1 lines? multiple DS-3 lines? multiple OC-12 lines? or are you talking local networks where you have 100Mb ethernet? or gig ethernet? or 10gig ethernet? are you talking just a couple of these networks or are you talking about dozens of these networks?We have initial estimates of 300-500 GB/day in SMTP traffic alone, due to an application that typically sends data in via SMTP in 2MB bundles. But they ALSO want to up the resolution of the graphics inside the bundles, so we've been told to expect an order of magnitude jump about the time we start implementing in the 2008-2009 timeframe. And the data will tend to peak and valley a lot. . . So, realistically, we're talking an initial traffic of 3-5 TB/day in SMTP alone.
5TB/day is a sustained 60MB/sec (1 1/2 DS-3's or so), given that you have a lot of peaks it's reasonable to say that your peak traffic is 2-3x that value. you are still talking about ~200Mb/sec of traffic.
this is comfortably handled with a P-III intel platform (a Nokia 740 appliance is this amount of power)
Sun has a checkpoint appliance that is Opteron based (defaults to 1.4GHz processors, you can upgrade it) for about $30K. this is a very moderate box by today's standard, but would handle the type of bandwidth requirements you are talking about trivially
We have multiple OC's coming in, bandwidth isn't the immediate worry, it's throughput. . .
again I need to ask for definitions. the best overall throughput is generally achieved by spreading the load evenly and running things at max capacity all the time. bandwidth requirements better represent your peak requirements, but I think what you are looking for is responsivness (or low latency). Even with that you should keep in mind that Internet use imposes a latency overhead (cross country is 100ms, a dial-up to the local ISP add 300ms), so you shouldn't let people get worked up about small latencies within your network or your firewalls. On modern hardware even dumb, forking proxies can end up with low enough latency that when added to a moderatly complex network don't add a measurable response to the end-to-end response time of the system.
David Lang -- There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies. -- C.A.R. Hoare _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . ., (continued)
- Re: Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . . James Hampton (Apr 07)
- RE: Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . . Paul Melson (Apr 07)
- RE: Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . . Jan Tietze (Apr 09)
- Re: Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . . Holger Kipp (Apr 12)
- RE: Info Request: Looking for alternatives in HA/Load balancingfirewalls that are also scalable and modular. . . David Lang (Apr 13)
- RE: Info Request: Looking for alternatives in HA/Load balancingfirewalls that are also scalable and modular. . . Paul Melson (Apr 13)
- Re: Info Request: Looking for alternatives in HA/Load balancingfirewalls that are also scalable and modular. . . Darren Reed (Apr 23)
- Re: Info Request: Looking for alternatives in HA/Load balancingfirewalls that are also scalable and modular. . . Jan Tietze (Apr 13)
- RE: Info Request: Looking for alternatives in HA/Load balancing firewalls that are also scalable and modular. . . Jan Tietze (Apr 09)
- RE: Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . . Keith A. Glass (Apr 09)
- RE: Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . . David Lang (Apr 09)
- Re: Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . . Oliver Humpage (Apr 12)
- Re: Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . . David Lang (Apr 13)
- Re: Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . . Devdas Bhagat (Apr 12)
- Re: Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . . David Lang (Apr 13)
- Re: Info Request: Looking for alternatives in HA/Load balancing firewallsthat are also scalable and modular. . . Devdas Bhagat (Apr 13)