This is a discussion on Re: [fw-wiz] Info Request: Looking for alternatives in HA/Load - Firewalls
On Sun, 9 Apr 2006, Oliver Humpage wrote:
> On 8/4/06 12:52 am, "David Lang" wrote:
>> 5TB/day is a sustained 60MB/sec (1 1/2 DS-3's or so), given that you have
>> a lot of peaks it's reasonable to say that your peak traffic is 2-3x that
>> value. you are still talking about ~200Mb/sec of traffic.
> Is that not 200MB/sec = 1600Mb/sec? I.e. you either need to load balance, or
> get a box with >1Gbps ports in it?

If I did make the Bytes/bits mistake (not having the original message
handy to check I don't know) then the average traffic would be ~500mb/sec
(min 4 OC-3 lines or 1 OC-12 line) with the peak being significantly
higher than that.

if you are talking about 8+ OC-3 (2+ OC-12) lines then you either need to
split the traffic to keep it well below 1Gb/sec for each set of boxes, or
you are going to 10Gb ethernet.

just load balancing won't solve this as your routers would need >1Gbps
ports on it (assuming that a setup this large will have the lines
connected to different carriers and be running BGP for telco failover).

but if you segment your address space to different interfaces on the
routers then you can split things so that each interface (and therefore
each firewall, and set of servers) doesn't need to exceed 1Gbps

as for the need to load balance the firewalls, it is getting closer to the
point of needing to, but checkpoint has quite a few boxes rated at
3-4Gbps (including that $30k Opteron based sun I mentioned) so even
discounting their ratings to real-world values you may not need to load

it's actually far easier to troubleshoot multiple sets of boxes that are
not load balanced than one (smaller) set of boxes that are.

> firewall-wizards mailing list
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
-- C.A.R. Hoare