Firewall Wizards mailing list archives
Re: High Speed Firewalls
From: woody weaver <woody () fullspeed com>
Date: Thu, 2 Mar 2000 07:40:10 -0800
On Wed, Mar 01, 2000 at 03:18:13PM -0500, Bennett Todd wrote: [...]
If you are firewalling some staggeringly huge number of clients, 1Gbps worth, place multiple firewalls downstream, where this fat pipe has been broken up for distribution.
I came across this yesterday, oddly enough. Agregates from hundreds to thousands of DSLAMs, feeding directly into a data center. No good place to put the firewall downstream! An alternate approach is to use a "firewall sandwich" approach with load balancers at the perimeter of each security domain, multiplexing into the multiple firewalls. The load balancers have to be "sticky", directing a particular IP flow consistently to the same firewall, so state is preserved, but this is fairly normal today. One nice thing about this approach is that it also addresses redundancy/reliability issues, since most load balancers have a mechanism for automatically routing around a failed firewall device. [...]
-Bennett
--woody -- Fullspeed Network Services voice: 510 652 4293 x405 5858 Horton St, Suite 101 cell: 510 593 5849 Emeryville, CA email: woody () fullspeed com
Current thread:
- High Speed Firewalls Henry Baez (Mar 01)
- Re: High Speed Firewalls Bennett Todd (Mar 01)
- Re: High Speed Firewalls woody weaver (Mar 02)
- Re: High Speed Firewalls Bennett Todd (Mar 02)
- Re: High Speed Firewalls woody weaver (Mar 02)
- Re: High Speed Firewalls Darren Reed (Mar 01)
- Re: High Speed Firewalls Bill Pennington (Mar 02)
- Re: High Speed Firewalls Ryan McBride (Mar 05)
- Message not available
- Re: High Speed Firewalls Bruce Byrd (Mar 06)
- Re: High Speed Firewalls Bennett Todd (Mar 01)
- PORTUS (was Re: High Speed Firewalls) Josef Pojsl (Mar 02)
- Re: High Speed Firewalls Rick Murphy (Mar 02)
- <Possible follow-ups>
- RE: High Speed Firewalls Dippold, John (Mar 01)
- Re: High Speed Firewalls Robert Graham (Mar 01)
- Re: High Speed Firewalls ddhumphr (Mar 02)