The multicast is part of the IGMP snooping protocol. Correct? I think Stonebeat
has a very elegant solution. I also like the Stonebeat DNS Cluster.
[EMAIL PROTECTED] wrote:
> Peter,
>
> Your statements about StoneBeat FullCluster are misleading or erroneous.
>
> > Because the FullCluster method utilizes (rather improperly)
> > a multicast address to address multiple firewall devices, you
> > will never exceed the maximum throughput available on a given
> > interface.
>
> We do not "improperly" use multicast addresses. Our use of multicast MAC
> addresses follows Ethernet multicast standards.
>
> > For example, a 3-node cluster with 100Mbps Full-Duplex interfaces will
> > max out at 100Mbps (theoretical maximum). Since traffic must be
> rebroadcast
> > to all interfaces in the cluster via the multicast address, all
> interfaces
>
> Multicast traffic is not "rebroadcast" to interfaces. It is the
> transmission
> of a single datagram to multiple interfaces at the same time. And any
> interface
> running at 100 Mbps full duplex will theoretically handle 200 Mbps, not 100
> Mbps.
>
> The traffic throughput through a firewall is not bottlenecked at the
> interface
> anyway, but by the firewall software, which performance is determined by
> the
> use of NAT, VPNs, number of rules, and other factors.
>
> > It would be possible to exceed the interface's capacity by utilizing
> > multiple interfaces (like an etherchannel configuration). The stonebeat
> > HA software can be configured in a load-balancing configuration which may
>
> The StoneBeat HA software does not perform load balancing. It is a basic
> high
> availability or load sharing solution. StoneBeat FullCluster performs load
> balancing,
> and does so up to 16 nodes per cluster. FullCluster also supports the use
> of
> multiple cluster IP addresses, which would increase its potential
> throughput
> of the limitations you suggest. That's assuming someone wants to lose the
> transparency of the network device, and deal with the problems of a
> multiple
> IP environment and the complexity it introduces.
>
> ----------------------------------------------------------------
> Mark Boltz Stonesoft, Inc.
> Network Security Specialist 115 Perimeter Center Place
> [EMAIL PROTECTED] South Terraces, Suite 1000
> Tel: +1 770 668 1125 Atlanta, GA 30346
> Cel: +1 404 386 8500 USA
> Fax: +1 770 668 1131 http://www.stonesoft.com
>
> New support numbers!
> Toll free: 866-435-7324
> Other areas: 678-259-3400
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
