Greetings,
I was in this type of senerio. To load balance the firewalls
2-Nokia-Checkpoint) we used 4 Cisco (Arrowpoint) 11000. They are in
failover mode with identical configs. One and two are in front of the
firewalls. Three and four are below the firewalls. The trick is to make
the conve
That is a rediculously overpriced solution to the problem at hand!
- Original Message -
From: Wayne & Therese Lawson <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 08, 2001 11:51 AM
Subject: Re: Load Balancing Across Mul
If you're looking for optimal load balancing across firewalls look
at the CSS product line (Cisco of course). You're going to want
to take advantage of the multiple "sticky session" options and
the performance advantage over the LD.
- Wayne, CCIE # 5244,
CCNA, CCDA, Nortel NCSE,
MCSE, CNE, CNX E
Would he run into any problems with persistence?
For example apacket enters firewall #1, and gets routed out firewall two? I
could see some potential problems with asymetric routing occuring.
I know with Checkpoint you can sync the state tables, which takes at a
minimum of around 50-100 ms. O
You would be far better off manipulating the routes (routing protocol) in
your network with the routers on the inside of the PIX, and then just
letting the the traffic flow through the PIX as usual. You will find this
solution much easier to implement and far more forgiving on your pocketbook!
Of
Resources
> Network Operations Control Center
> Norfolk Naval Shipyard
> Bldg 33 NAVSEA NCOE
> 757-393-9526
> 1-800-626-6622
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 3:57 PM
>
there is a specific example in the IOS 12.1(5a)E release notes-
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121
limit/121e/121e5/iosslb5e.htm
you end up back-ending the PIXen on the inside ;-) with a
multiple-interface router.
-e-
- Original Message -
From
val Shipyard
Bldg 33 NAVSEA NCOE
757-393-9526
1-800-626-6622
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 16, 2001 3:57 PM
To: '[EMAIL PROTECTED]'; Rossetti, Stan
Subject: Re: Load Balancing Across Multiple PIX
Stan,
As pointe
Stan,
As pointed out by others, your best bet for load-balancing across
multiple PIX boxes is an external load-balancer ala local-director,
arrowpoint, foundry, etc.
However, in regards to throughput, Cisco claims 1Gbps cleartext
throughput on the new PIX 535. At that speed, its doubtful you
AM
To: Rossetti, Stan; [EMAIL PROTECTED]
Subject: Re: Load Balancing Across Multiple PIX
They won't load balance natively. The problem with getting a load balancer
before the PIX is that you either have it on the inside balancing outbound
traffic or outside balancing inbound traffic. The P
You may need a combination of devices to get optimal load balancing,
and the solution may very well depend on the protocols involved. One
of the problems in our industry is to try to get a single box, with a
single processor, to do everything well.
It may be appropriate to treat the PIXen (in
They won't load balance natively. The problem with getting a load balancer
before the PIX is that you either have it on the inside balancing outbound
traffic or outside balancing inbound traffic. The PIX needs a static route
for traffic going the other direction and you can't have multiple defau
12 matches
Mail list logo
