Re: Firewall bake-off?

["K K" <kkadow () gmail com>]

On 3/21/07, Jim MacLeod <jmacleod () gmail com> wrote:
> On 3/20/07, Zachary Grafton <chaotic.chowder () gmail com> wrote:
> > Well, the greatest thing about the sidewinder is how easy it is to
> > configure things. It does have clustering and nice failover features,
> > which are in my opinion, extremely important. If you are worried about
> > performance with a Sidewinder, just buy another one and cluster them.
>
> Does it support active-active load splitting?  Or do you need an
> external load balancer for that?

The Sidewinder G2 does have active-active load-splitting, but many
customers (us included) choose to use an external load-balancer.

One reason we use an external load balancer appliance is because our
LB can do the one load-control approach missing from Sidewinder G2:
limit clients by bandwidth, session rate, and max simultaneous
sessions (Sidewinder has rate limiting only for IP-Filter, and no ToS
or bandwidth controls).


> How destructive is the transition when one fails?
> How extensive is the state sync?

Clusters share IP-filter state and configuration only, any proxied TCP
connections on the failed firewall will abend when a failover event
occurs.


> Will it scale to n+1, or is it limited to 2 firewalls?

The web site states you can have 5 firewalls in a cluster.  I believe
they're working towards highly scalable load-sharing, but I don't know
what the current load-sharing options are.

Kevin  "Just a (mostly) happy customer" Kadow
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards