Firewall Wizards mailing list archives

VRRP vs. Stonebeat

From: Oliver_Weismantel () gillette com
Date: Wed, 15 Mar 2000 17:07:00 +0100

Hi,

while reading the Februar discussion "Nokia/Checkpoint firewall" some
questions formed in my mind regarding Stonebeat and VRRP features. I'm in
the process of making the decision whether to buy either two Solaris or two
Nokia Firewalls to be configured in HA mode. I would like to explicitly
discuss the HA features. Managing (and therefor recommending) the one or
other solution because of OS and features depends a lot on experience and
preferences of the administrator.

To me it is pretty unclear how VRRP determines a box being "dead" to
initiate a failover. From what I know Stonebeat is very flexible in
implementing failover conditions. To make it more clear let me describe two
or three scenarious here:

1) Interface goes down
Usual failover condition. Both solutions can detect and will fail over. Now
lets assume the default gateway to the Internet is unreachable from the
Firewall but the network interface stays up (e.g. because of the switch the
box is connected to has a  partial failure). With Stonebeat I can ping the
default gateway for reachability and in case it is gone independent of the
network interface status I can initial failover. How can VRRP handle that ?

2) Firewall process dies
Can VRRP detect a dead Firewall process ? Here we would have a functional
network connectivity, but the firewall processes on the box are gone, the
box as a firewall is not operational. From what I know Stonebeat can
detect, VRRP not.

3) Proxy Server unreachable
Same as 1) but instead of the default gateway a proxy in a DMZ is
unreachable. How can VRRP detect (remember: interface still alive).

I do not know either of the products in detail, so please correct me if I'm
wrong.

Also I would be very interested in experience with loadsharing and
-balancing. From what I know Stonebeart can do. I do not understand how
VRRP handles that.

Thank you for your help.

Regards,
Oliver

---------------------------------------------------------------------------
Oliver Weismantel
Braun GmbH
Frankfurter Straße 145          06173/30-1710
61476 Kronberg                    06173/30-1145

oliver_weismantel () gillette com
---------------------------------------------------------------------------

Current thread:

VRRP vs. Stonebeat Oliver_Weismantel (Mar 21)
- RE: VRRP vs. Stonebeat Stefan Norberg (Mar 21)