Re: [FW1] Maximum Throughput? - 1 GBit/s required

Tue, 14 Nov 2000 09:55:18 -0800 




Peter,

Your statements about StoneBeat FullCluster are misleading or erroneous.

> Because the FullCluster method utilizes (rather improperly)
> a multicast address to address multiple firewall devices, you
> will never exceed the maximum throughput available on a given
> interface.

We do not "improperly" use multicast addresses. Our use of multicast MAC
addresses follows Ethernet multicast standards.

> For example, a 3-node cluster with 100Mbps Full-Duplex interfaces will
> max out at 100Mbps (theoretical maximum).  Since traffic must be
rebroadcast
> to all interfaces in the cluster via the multicast address, all
interfaces

Multicast traffic is not "rebroadcast" to interfaces. It is the
transmission
of a single datagram to multiple interfaces at the same time. And any
interface
running at 100 Mbps full duplex will theoretically handle 200 Mbps, not 100
Mbps.

The traffic throughput through a firewall is not bottlenecked at the
interface
anyway, but by the firewall software, which performance is determined by
the
use of NAT, VPNs, number of rules, and other factors.

> It would be possible to exceed the interface's capacity by utilizing
> multiple interfaces (like an etherchannel configuration).  The stonebeat
> HA software can be configured in a load-balancing configuration which may

The StoneBeat HA software does not perform load balancing. It is a basic
high
availability or load sharing solution. StoneBeat FullCluster performs load
balancing,
and does so up to 16 nodes per cluster. FullCluster also supports the use
of
multiple cluster IP addresses, which would increase its potential
throughput
of the limitations you suggest. That's assuming someone wants to lose the
transparency of the network device, and deal with the problems of a
multiple
IP environment and the complexity it introduces.

----------------------------------------------------------------
Mark Boltz                                       Stonesoft, Inc.
Network Security Specialist           115 Perimeter Center Place
[EMAIL PROTECTED]              South Terraces, Suite 1000
Tel: +1 770 668 1125                           Atlanta, GA 30346
Cel: +1 404 386 8500                                         USA
Fax: +1 770 668 1131                    http://www.stonesoft.com


New support numbers!
Toll free:    866-435-7324
Other areas:  678-259-3400



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to