You may need a combination of devices to get optimal load balancing, 
and the solution may very well depend on the protocols involved.  One 
of the problems in our industry is to try to get a single box, with a 
single processor, to do everything well.

It may be appropriate to treat the PIXen (informal plural I just 
invented, after the plural of DEC VAX being VAXen) as a cluster (boy, 
am I sounding VAX-ish).  The actual load balancing would be done on 
Local Directors (or similar TCP session level load distributors) 
between the PIXen and the routers, potentially both on the inside and 
outside.

If your management demands that everything be done on the PIX, you 
might quote Samuel Johnson to them:  "the important thing about a dog 
walking on his hind legs is not how well he does it, but that he does 
it at all."


>They won't load balance natively.  The problem with getting a load balancer
>before the PIX is that you either have it on the inside balancing outbound
>traffic or outside balancing inbound traffic.  The PIX needs a static route
>for traffic going the other direction and you can't have multiple default
>routes on a PIX.  The interface without the load balancer would have to have
>some kind of rigged BGP or something like that to distribute coming to the
>pixes or you'll have routing issues.

Remember that the finest granularity of which BGP is aware is a 
subnet, ignoring global prefix length issues. As soon as you start to 
deal with things on a server level, you are talking about things that 
operate at Layer 4 or 7, and that standard routing doesn't understand 
(ignoring the ill-defined term content routing, which simply injects 
layer 7 information into the routing system).

>
>I could be wrong...just my first thought on the situation....without COFFEE.
>
>I don't think there's any easy way to do this...
>
>----- Original Message -----
>From: "Rossetti, Stan" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, March 07, 2001 10:01 AM
>Subject: Load Balancing Across Multiple PIX
>
>
>>  Hello Everyone,
>>
>>  Does anybody know if it is possible to load balance across multiple PIX
>>  firewalls?  I have looked at numerous Cisco web pages, but never any mention
>>  of load balancing.  I have talked to a sales engineer and he has said that
>>  to get 1GB of throughput from a PIX firewall, you need to install 3 PIX
>>  firewalls and do load balancing across them.  The max throughput from one
>>  PIX is 370MBps.  Of course, I can't get the sales engineer to return my call
>>  now.  Does anyone know if this is true?  Do you have to have 3 PIX to do load
>>  balancing?  I would like to just do load balancing across 2 PIX firewalls.
>>  Is this possible?
>>
>>  Thanks in advance.
>>
>>
>>
>>
>>  Thanks
>>
>>  Stan Rossetti
>>
>>
>>  NASA - PriSMS
>>  Advanced Technology Group
>>  Voice:  (256) 544-5031
>>  Email:  [EMAIL PROTECTED]
>>  Beeper:  544-1183 pin 0112
>>
>>  CCDA, CCNA, CCSE
>>
>>  _________________________________
>>  FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>>  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>>
>
