Re: RE: Firewall-1 platforms

[<hesselsp () ashaman dhs org>]

I am sort of talking out of my depth here.  Be warned.

I looked at the rfc for a year or so ago.  And I just reread it now.

VRRP can't really be said to support load balancing.  AFAIK you must be
statically(or using another routing protocol) defining your load balancing
with equal cost multipaths, which is not a feature of VRRP.  And while
this is load balancing, it has nothing to do with VRRP, it is a feature of
your router or operating system.

Correct?

On Tue, 6 Mar 2001, shawn . moyer wrote:

> "Kalat, Andrew (ISS Atlanta)" wrote:
>
> >         Indeed, VRRP is pretty cool. As fail over goes, I agree, it's pretty
> > easy and elegant. I might have misspoke though. I was referring to not just
> > fail over, but actual true load balancing, where both boxes are passing
> > traffic, rather than having one in hot standby waiting for a failure. Do you
> > know of a way to do that with Nokia? That would indeed rock...
>
> Yeah, actually. VRRP does share load, it's part of the spec, in fact.
> Been awhile since I've done it, but I believe you configure a weight for
> each IP in relation to the shared Virtual IP (VIP) and traffic is shared
> across via that weight metric. 
>
> At the employer where we did this we had four Nokia boxes sharing load
> for 150Mbps of traffic (each box basically was assigned 25% of the
> load), and it was part of our standard configuration do two Nokia's load
> sharing 50% each. 
>
> http://www.networksorcery.com/enp/protocol/vrrp.htm
>
> http://www.networksorcery.com/enp/rfc/rfc2338.txt
>
>
>
> --shawn

-- 
--
Paul

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards