Firewall Wizards mailing list archives
Speeds and feeds
From: "Stout, Bill" <StoutB () pioneer-standard com>
Date: Tue, 26 May 1998 14:06:42 -0400
I'm working with a company currently using a T1 which becomes very sluggish when engineers do many FTP and HTTP sessions through a state firewall on a Netra-1 (firewall is not a bottleneck). They're thinking of upgrading to a T3 with a fast proxy server (+ VPN) since they also are running out of IPs, and internal systems are getting hit by external packets. My knee-jerk reaction is to use a very fast CPU system (600MHz Alpha) and Altavista FW with 100Mbps cards. webservers | Internet--(T3)---R1---FW---+----R2----Internal LAN VPN Tunnel Svr I'm wondering about alternatives to the situation, one is multiple T1s coming into a set of BGP net for redundancy, and to partition FTP/HTTP proxies on one server, and remaining traffic on a second server (allowing future cluster or fail-over via scripts and IP failover of secondaries). Although this actually may be cheaper, faster and more reliable, but it's more complex, and harder for the company to fix if it dies (fails into a degraded mode). Also most local traffic may route through a single T1, and they may inadvertantly become an Internet eXchange. Internet | | | (n+1 T1s) | | | Cisco 2500s | | | Hub/switch | | FW-A FW-B FW-A could be used for outbound client system access, and FW-B could be used for inbound/server protocols (VPN, webserver SQL, NTP, SMTP, DNS, etc). A dual-subnet webfarm could connect to third interface on both. Hmm, too complex maybe. Opinions? Bill Stout
Current thread:
- Speeds and feeds Stout, Bill (May 28)
- Re: Speeds and feeds Bennett Todd (May 29)
- Re: Speeds and feeds Kelly Lucas (May 30)
- <Possible follow-ups>
- RE: Speeds and feeds Moser, Stefan (May 29)
- Re: Speeds and feeds tqbf (May 29)
- Re: Speeds and feeds Ryan Russell (May 30)
- Re: Speeds and feeds Eric Holst (May 30)
- Re: Speeds and feeds Bruce B. Platt (May 30)
- Re: Speeds and feeds Rodney van den Oever (May 30)
- Re: Speeds and feeds Drexx Depuno (May 30)
- Re: Speeds and feeds Bennett Todd (May 29)