[FW-1] ClusterXL Active/Active Unicast versus Multicast mode

Sun, 04 May 2008 09:46:42 -0700 

I have a question regarding ClusterXL Active/Active in
Unicast mode with 30% on the Pivot node and 70% on the
other node.  I have a pair of Sun X4200-M2 dual Opteron,
dual-core with 4GB RAM, runningin ClusterXL Active/Actve
Unicat Mode in NGx R65 2.6 kernel.  This cluster is
managed by a CMA inside a Provider-1 NGx R65 with 
HFA_02 SPLAT.  I have about 200 rules in the security
policy with about 10k objects (network and services), 
and that the Iperf rule is at the bottom of the
security policy, just above the clean-up rule.

Everything is connected to a Cisco Catalyst capable 
of easily handling 10GB throughput without issues.

I have 6 Dell 2950-III servers outside of the
firewalls, 3 Iperf clients and 3 Iperf servers.  I also
have 6 Dell 2850 servers inside the firewall, with 3
Iperf servers and 3 Iperf clients.

When I fired off 3 Iperf clients from outside the firewall
to connect to 3 Iperf servers inside the firewall, I
see that my throughput on the Pivot node is about 980Mbps
receiving and 600Mbps transmitting.  That 600Mbps transmitting
is going from the Pivot node over to the other node in
the cluster.  I can NOT go above 980Mpbs in Active/Active
Unicast mode.  

Therefore I have the following question:

1- In order to go >1Gbps throughput, I have to use
Cluster Active/Active Multicast mode.  Because in muticast
mode, there is NO pivot node, the traffics will hit all of the
firewall thus 50% load on each firewall is expected.
Is that correct?

2- In term of throughput alone, there is NO difference
between Active/Active Unicast mode and Active/Standby because
the "pivot" node has to handle the initial connection and then
forward it to the "non" pivot node.  Is that correct?


Thanks guys


       
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.  Try it now.

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to