-----Original Message-----
From: David Lang [mailto:dlang@digitalinsight.com]
Sent: Friday, April 07, 2006 4:21 PM
To: Keith A. Glass
Cc: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Info Request: Looking for alternatives in HA/Load
balancing firewallsthat are also scalable and modular. . .

On Tue, 4 Apr 2006, Keith A. Glass wrote:

>> . . . .Here's my situation:
>> We're currently spec'ing functional requirements for a new web-based
>> implementation of a number of enterprise apps. One obvious problem is
>> the firewall system: it needs to be both load-balancing and high-
>> availability, AND scalable. We're still getting a feel for potential
>> traffic, but we expect to have a requirement for in-line expansion of the

>> system while remaining online.

>high-availability is easy to understand the requirements for.

>load-balancing is only a requirement from a marketing/management point of
>view unless you can define your third point

Customer wants it. Pretty much non-negotiable point. . .

>scalable. scaleable to what? are you talking an Internet connection where
>you have a need for multiple T-1 lines? multiple DS-3 lines? multiple
>OC-12 lines? or are you talking local networks where you have 100Mb
>ethernet? or gig ethernet? or 10gig ethernet? are you talking just a
>couple of these networks or are you talking about dozens of these

We have initial estimates of 300-500 GB/day in SMTP traffic alone, due to an
application that typically sends data in via SMTP in 2MB bundles. But they
ALSO want to up the resolution of the graphics inside the bundles, so we've
been told to expect an order of magnitude jump about the time we start
implementing in the 2008-2009 timeframe. And the data will tend to peak and
valley a lot. . . So, realistically, we're talking an initial traffic of 3-5
TB/day in SMTP alone.

We have multiple OC's coming in, bandwidth isn't the immediate worry, it's
throughput. . .

>sorry for the rant, but you managed to hit one of my current sore points
>(I just got out of a meeting with an engineer who claimed that we couldn't
>do something becouse of the huge load that it would cause, when that load
>consisted of one extra network hop for one out of hundred connections :-/

No biggie. We're literally just starting to do the requirements analysis,
but we also want to talk to vendors in the fairly near future to get a feel
for what they have coming down the line. . .

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.3.5/303 - Release Date: 4/6/2006

firewall-wizards mailing list