Firewall Wizards mailing list archives
Re: High Speed Firewalls
From: woody weaver <woody () fullspeed com>
Date: Thu, 2 Mar 2000 20:28:27 -0800
A couple of points: 1. (obligatory mathematical note from an ex math professor) The rainwall actually scales sublinearly. Each machine (tries to) talk to every other machine, and there are election rules and etc. That sort of overhead increases as the square of the number of firewalls, and so at some point, the complexity of that computation would start getting significant. (end obligatory math note) 2. Scaling requires a fair amount of network design -- creation of "virtual IPs" to subdivide traffic flows. This is relatively straightforward for two or three firewalls, or if the geometry of the environment suggests how to split the traffic, but to try to get tenfold throughput would be a challenge, I think. I think it is an *excellent* product for high availability and low multiple load balancing. --woody On Thu, Mar 02, 2000 at 05:26:42AM -0600, Deane, James wrote:
You might want to look at a product called RAINwall by Rainfinity (www.rainfinity.com). RAIN stands for Redundant Array of Inexpensive Nodes (Inexpensive is, I guess, a relative term, especially when Checkpoint licensing costs get involved.) They claim that it is a clustering solution for Checkpoint FW-1 which can scale linearly to any number of firewalled gateways. Therefore, in an ideal situation, I guess you could cluster enough FW-1 boxes to accommodate this much traffic. HTH, Jim Disclaimer: I'm not affiliated with Rainfinity in any way, we just use it here to cluster 2 FW-1 boxes. For us, it pretty much works as advertised with two boxes. (We aren't as concerned with performance as we are with availability, though.) -----Original Message----- From: Henry Baez [mailto:hbaez () eos hitc com] Sent: Wednesday, March 01, 2000 9:51 AM To: firewall-wizards () nfr net Subject: High Speed Firewalls I am doing research on very high speed firewalls. I mean firewalls that
[...]
Current thread:
- Re: High Speed Firewalls, (continued)
- Re: High Speed Firewalls Ryan McBride (Mar 05)
- Message not available
- Re: High Speed Firewalls Bruce Byrd (Mar 06)
- PORTUS (was Re: High Speed Firewalls) Josef Pojsl (Mar 02)
- Re: High Speed Firewalls Rick Murphy (Mar 02)
- RE: High Speed Firewalls Dippold, John (Mar 01)
- Re: High Speed Firewalls Robert Graham (Mar 01)
- Re: High Speed Firewalls ddhumphr (Mar 02)
- Re: High Speed Firewalls Carric Dooley (Mar 02)
- Re: High Speed Firewalls ddhumphr (Mar 02)
- Re: High Speed Firewalls Henry Baez (Mar 01)
- RE: High Speed Firewalls Deane, James (Mar 02)
- Re: High Speed Firewalls woody weaver (Mar 03)
- Re: High Speed Firewalls Johann G. Hautzinger (Mar 06)
- Re: High Speed Firewalls woody weaver (Mar 12)
- Re: High Speed Firewalls woody weaver (Mar 03)
- RE: High Speed Firewalls Rick Murphy (Mar 03)
- Re: High Speed Firewalls Bennett Todd (Mar 05)