Firewall Wizards mailing list archives

Re: High Speed Firewalls

From: woody weaver <woody () fullspeed com>
Date: Tue, 7 Mar 2000 07:09:39 -0800

On Mon, Mar 06, 2000 at 07:18:12AM +0100, Johann G. Hautzinger wrote:

woody weaver wrote:


A couple of points:

1.  (obligatory mathematical note from an ex math professor) The
rainwall actually scales sublinearly.  Each machine (tries to) talk to
every other machine, and there are election rules and etc.  That sort of
overhead increases as the square of the number of firewalls, and so at
some point, the complexity of that computation would start getting
significant. (end obligatory math note)

as an ex pupil of a math professor i doubt this ... if there were two
firewalls each one would have to talk to the other (=2x1), if there were
three, this would be 6 (=3x2x1) ... with n firewalls this would be
nx(n-1)x(n-2)...x1 or n! in short. looks to me as if this was faculty,
no?


Grin.  The election rules allow you to escape having to maintain a 2^n
or n! complexity.  Consider it from the perspective of a single CPU.
Periodically, I'm going to go out and talk to every other machine [O(n)]
and see if they are saying that they are working.  For example, lets
assume we have three CPU's, A, B, and me at C.  If A tells me he
is working, and B tells me he is not working (or fails to communicate)
I don't necessarily have to go back to A and ask him what he thinks
about B.  I just trust my data -- to a point.  Moreover, when I
communicate with A, that also works for him talking to me, so the
attempted communications are (C,A), (C,B), (A,B) -- only 3, not 6.
So its n * O(n) = O(n^2), not worse.

In addition, the election stuff becomes important if, for example, I try
to talk to A and B, and fail to both.  I could assume that for some
strange reason, both machines have simultaneously died, and I should
take over the work for the whole cluster.  That's probably the wrong
decision, though; more likely is that I've died, and A & B should take
over for me.  So if the clique of machines I can talk to is less than
half of the clique that was working a few ticks ago, I should probably
conclude I'm in a failed clique, and wait...  or at least, that is where
the deep magic in the communication process lies.

yes?

--woody


*greetz* from vienna

Hannes

-- 
Johann Georg Hautzinger,  email: trema () eic at,  Tel.: 531 00 1907
Erste Bank AG - OE 0423 - Orga./Entw. Treasury u. Orga.Wertpapier
Boersegasse 14, 1010 Wien            http://treasury.erstebank.at

Current thread:

PORTUS (was Re: High Speed Firewalls), (continued)
- PORTUS (was Re: High Speed Firewalls) Josef Pojsl (Mar 02)
- Re: High Speed Firewalls Rick Murphy (Mar 02)
- RE: High Speed Firewalls Dippold, John (Mar 01)
- Re: High Speed Firewalls Robert Graham (Mar 01)
  - Re: High Speed Firewalls ddhumphr (Mar 02)
    - Re: High Speed Firewalls Carric Dooley (Mar 02)
- Re: High Speed Firewalls Henry Baez (Mar 01)
- RE: High Speed Firewalls Deane, James (Mar 02)
  - Re: High Speed Firewalls woody weaver (Mar 03)
    - Re: High Speed Firewalls Johann G. Hautzinger (Mar 06)
    - Re: High Speed Firewalls woody weaver (Mar 12)
- RE: High Speed Firewalls Woeltje, Donald (Mar 02)
- RE: High Speed Firewalls John F. Appel (Mar 02)
- RE: High Speed Firewalls Dippold, John (Mar 02)
- RE: High Speed Firewalls Sink, Douglas D (Doug), BNSVC (Mar 02)
- RE: High Speed Firewalls Burden, James (Mar 02)
- RE: High Speed Firewalls Woeltje, Donald (Mar 03)
  - RE: High Speed Firewalls Rick Murphy (Mar 03)
  - Re: High Speed Firewalls Bennett Todd (Mar 05)
    - Re: High Speed Firewalls Paul D. Robertson (Mar 06)
    - Re: High Speed Firewalls Bennett Todd (Mar 06)

(Thread continues...)