Firewall Wizards mailing list archives
Re: [RE: [High Speed Firewalls]]
From: James Vaughn <j.vaughn () usa net>
Date: 2 Mar 00 11:09:46 CST
Greetings,

The following is a perfect example of why I tried to send mail directly to Mr. Baez, and mentioned saving bandwidth on the mailing list... But since that failed...

"Woeltje, Donald" <dwoeltje () sebh org> wrote:
You're kidding, right? Neither a router (Cisco or any other) nor BigIP
Everyone has to have their $00.02 worth of opinion, and that's fine -- experience with particular products, "proof of whatever you want" testing; experts, as it were, who are "just trying to help" in their own, delightful way. I was expressing mine, just as you are.

No, I'm not kidding. Mr. Baez didn't state the specific reasons he needs this solution, except to mention large file transfers "across the world," and that he answers to management. As stated, I suggested the two solutions with which I've worked, that produced the desired results in good fashion -- and made note that others exist.

BigIP an over-priced router with load-balancing? Depends -- what's Mr. Baez' (or mine, or anyone's) definition of price? Cost? Is it more valuable for his company to purchase a boxed solution such as provided by F5 or Cisco -- solutions that work, are industry proven, and are "recognized as experts"? Or more equitable for him to research, learn, spend time, & set-up his own test-bed until he can graphically illustrate to his superiors which products actually /will/ work best, in his environment, on their network, for their needs, within his budget, etc... He's sending large files -- via... FTP? Across network shares? HTTP-downloadable? Through email? If it's a web-based environment, with a large user group, BigIP is a reasonable solution. Otherwise, not. Thanks to you (and others) he now has a wealth of options to research at his leisure.

Layer-4 switching? A good technology, definitely helps increase data traffic flow IF the rest of the networking infrastructure is optimized, too -- otherwise it's a waste. And pricey. Cisco's supported Layer-4 switching for some time, but they haven't yet broadcast it to market until they're convinced & have perfected it to a 'rock-solid' state (something I greatly respect about Cisco.) And it seems that Layer-4 switches are starting to come with so many other bells, whistles, & crap that the inherent advantages are degraded.

Built-in firewall? I would hope so, given the visible nature of traffic on Layer 4... Better, though, if filtering & security were left to another device. If he (or anyone) is to consider a fast-switched solution, I'm sure you'll agree that they should research it & make sure the rest of their network isn't going to bottleneck the advantages... Still, it's a hardware-based solution -- which was my point.

If he wants efficiency and speed in routing traffic, then a switch-based solution may help him out. If he wants the same in /filtering/ traffic (he did mention 'firewall'), then it's not the best solution. If he wants /both/? Probably (mixed-bag of opinions, here) would be best to get separate solutions for each -- a high-speed core [switch] managing a fast-E, switch-based network, residing behind a high-end router/firewall solution. Unless his has a world-wide LAN (i.e., if his 'campus' is point-to-point across the world) then he won't have to worry -- but since that doesn't seem to be the case, he will /have/ to have some kind of routing equipment -- better that it be equipment specifically designed for that purpose.

And this all assumes, of course, that his is a large, established company with plenty of funding, time, and manpower. If his is a small CAD-design shop with some remote contractors, then the entire discussion is moot... *grin*

Anyway... There is no "perfect" solution-in-a-box. My goal was simply to recommend -- for further research, not blind acceptance -- solutions that I've used in the past, and have worked, based on the vague needs he mentioned.

Later,
- James D Vaughn

"Woeltje, Donald" <dwoeltje () sebh org> wrote:
You're kidding, right? Neither a router (Cisco or any other) nor BigIP 5 can perform as well (all out high-speed performance) as a switched solution, utilizing a Layer 4 switch, that has built-in firewalling capabilities. I've done "proof of concept" laboratory testing of these types of solutions.

BigIP is nothing more than an over-priced router with load balancing capabilities, much like a Cisco router with Cisco's Load Director on it. If he really just wants the ultimate in performance, I would suggest that he check out Alteon WebSystems ACESwitch 180 with their ACElerate software (and all the other Layer 4 switches on the market) to see if that will accomplish what he wants. However, if he wants a "firewall", then he should get a recognized firewall product from one of the companies that are recognized as experts in the IT security industry.

-----Original Message-----
From: James Vaughn [SMTP:j.vaughn () usa net]
Sent: Wednesday, March 01, 2000 1:58 PM
To: firewall-wizards () nfr net
Subject: Re: [High Speed Firewalls]

Hi,

I'd recommend checking into a hardware-based firewall solution, rather than a software firewall. Hardware solutions are specifically designed for the volume of traffic about which you're speaking. Check www.f5.com for their BigIP product (which is an internet-centric load-balancing, FW/etc. machine -- i.e., more than just a firewall; depends on why you need this) or www.cisco.com and look into their PIX solutions. There are others out there, too -- but these are the ones with which I'm familiar and trust.

BTW -- Tried to send you an email directly (to save bandwidth on the nfr list) but the email was rejected:

<hbaez () eos hitc com>: Connected to 38.177.222.21 but sender was rejected. Remote host said: 550 Access denied

Probably a spam filter. ;^)

- James D Vaughn

Henry Baez <hbaez () eos hitc com> wrote:

I am doing research on very high speed firewalls. I mean firewalls that are right now available that could handle OC3 and higher speeds via Gig Byte Ethernet cards. In searching the recent posting of this list and a lot of general web searching, I have found only one firewall that claims they can do so. It is called PORTUS from a company called Livermore Software Laboratories. I would very much like to find at least another vendor which at least matches the claim of PORTUS, 300 MB plus throughput. Management, bless them, likes to have choices, I would like to present more than one vendor if possible.

I have experience with two commercial firewalls, Checkpoint and Gauntlet, and one freeware firewall, Ipfilter. But the links were way under 10 Meg Byte. None of the firewalls I have worked on 'claim' the speeds I am looking for. All the magazines 'test/reviews' I have looked at top out at about 150 Meg. Byte. The number of users for this project would not be large, but each one would be moving Gig Byte size files across the world.

Thanks,
Henry Baez
hbaez () eos hitc com