If you're looking for optimal load balancing across firewalls, look
at the CSS product line (Cisco of course).  You're going to want
to take advantage of the multiple "sticky session" options and
the performance advantage over the LD.

- Wayne, CCIE # 5244,
CCNA, CCDA, Nortel NCSE,
MCSE, CNE, CNX Ethernet


"Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote in message
news:p05001933b6cc23d60d2f@[63.216.127.100]...
> You may need a combination of devices to get optimal load balancing,
> and the solution may very well depend on the protocols involved.  One
> of the problems in our industry is to try to get a single box, with a
> single processor, to do everything well.
>
> It may be appropriate to treat the PIXen (informal plural I just
> invented, after the plural of DEC VAX being VAXen) as a cluster (boy,
> am I sounding VAX-ish).  The actual load balancing would be done on
> Local Directors (or similar TCP session level load distributors)
> between the PIXen and the routers, potentially both on the inside and
> outside.
>
> If your management demands that everything be done on the PIX, you
> might quote Samuel Johnson to them:  "the important thing about a dog
> walking on his hind legs is not how well he does it, but that he does
> it at all."
>
>
> >They won't load balance natively.  The problem with getting a load balancer
> >before the PIX is that you either have it on the inside balancing outbound
> >traffic or outside balancing inbound traffic.  The PIX needs a static route
> >for traffic going the other direction and you can't have multiple default
> >routes on a PIX.  The interface without the load balancer would have to have
> >some kind of rigged BGP or something like that to distribute coming to the
> >pixes or you'll have routing issues.
>
> Remember that the finest granularity of which BGP is aware is a
> subnet, ignoring global prefix length issues. As soon as you start to
> deal with things on a server level, you are talking about things that
> operate at Layer 4 or 7, and that standard routing doesn't understand
> (ignoring the ill-defined term content routing, which simply injects
> layer 7 information into the routing system).
>
> >
> >I could be wrong...just my first thought on the situation....without COFFEE.
> >
> >I don't think there's any easy way to do this...
> >
> >----- Original Message -----
> >From: "Rossetti, Stan" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Wednesday, March 07, 2001 10:01 AM
> >Subject: Load Balancing Across Multiple PIX
> >
> >
> >>  Hello Everyone,
> >>
> >>  Does anybody know if it is possible to load balance across multiple PIX
> >>  firewalls?  I have looked at numerous Cisco web pages, but never any mention
> >>  of load balancing.  I have talked to a sales engineer and he has said that
> >>  to get 1GB of throughput from a PIX firewall, you need to install 3 PIX
> >>  firewalls and do load balancing across them.  The max throughput from one
> >>  PIX is 370MBps.  Of course, I can't get the sales engineer to return my call
> >>  now.  Does anyone know if this is true?  Do you have to have 3 PIX to do load
> >>  balancing?  I would like to just do load balancing across 2 PIX firewalls.
> >>  Is this possible?
> >>
> >>  Thanks in advance.
> >>
> >>
> >>
> >>
> >>  Thanks
> >>
> >>  Stan Rossetti
> >>
> >>
> >>  NASA - PriSMS
> >>  Advanced Technology Group
> >>  Voice:  (256) 544-5031
> >>  Email:  [EMAIL PROTECTED]
> >>  Beeper:  544-1183 pin 0112
> >>
> >>  CCDA, CCNA, CCSE
> >>
> >>  _________________________________
> >>  FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> >>  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >>
> >
>
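
The return-path problem raised in the quoted thread (a stateful firewall must see both directions of a session, so distributors on the inside and the outside have to choose the same PIX) can be shown with a short added example that is not part of any poster's message. It assumes hash-based firewall selection, which is an illustrative scheme and not a description of how the Local Director or CSS chooses; the firewall names and addresses are constructed.

```python
import hashlib

FIREWALLS = ["pix-a", "pix-b"]  # constructed names for a two-firewall cluster


def _bucket(key: bytes, n: int) -> int:
    # Stable hash; Python's built-in hash() is salted per process.
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big") % n


def pick_naive(src, sport, dst, dport, n=len(FIREWALLS)):
    """Hash the tuple in the order it appears in the packet."""
    return _bucket(f"{src}:{sport}>{dst}:{dport}".encode(), n)


def pick_symmetric(src, sport, dst, dport, n=len(FIREWALLS)):
    """Sort the two endpoints first so both directions produce one key."""
    a, b = sorted([(src, sport), (dst, dport)])
    return _bucket(f"{a[0]}:{a[1]}|{b[0]}:{b[1]}".encode(), n)


def asymmetric_flows(flows, pick):
    """Return flows whose request and reply would cross different firewalls."""
    bad = []
    for src, sport, dst, dport in flows:
        fwd = pick(src, sport, dst, dport)  # outside distributor, inbound packet
        rev = pick(dst, dport, src, sport)  # inside distributor, reply packet
        if fwd != rev:
            bad.append((src, sport, dst, dport))
    return bad


# Constructed sample: 200 client sessions to one web server (documentation ranges)
FLOWS = [(f"198.51.100.{i % 250 + 1}", 1024 + i, "192.0.2.10", 80)
         for i in range(200)]

if __name__ == "__main__":
    for name, pick in (("naive", pick_naive), ("symmetric", pick_symmetric)):
        broken = asymmetric_flows(FLOWS, pick)
        print(f"{name}: {len(broken)} of {len(FLOWS)} sessions split across firewalls")
```

A session that is split this way has its reply arrive at a firewall holding no state for it, which is the failure the single-sided balancer design runs into.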

