-----BEGIN PGP SIGNED MESSAGE-----
Also a clarification of the Resonate setup we are discussing.
Resonate specifies one (or more) boxes as a "primary scheduler", all
traffic first goes to that box for distribution. If that box goes down a
"backup scheduler" can take over (default takover time 5 sec) and
continue. It is this failover which the PIX would have trouble with. The
scheduler boxes can be you existing servers or (as in my case) they can be
seperate boxes to avoid any load on existing servers.
David Lang
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
On Thu, 21 Jan 1999, Carric Dooley wrote:
> Date: Thu, 21 Jan 1999 14:14:21 -0500
> From: Carric Dooley <[EMAIL PROTECTED]>
> To: "'Schaar, Norbert'" <[EMAIL PROTECTED]>,
'David Lang' <[EMAIL PROTECTED]>
> Cc: 'rich' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: RE: Resonate and Pix
>
> Sorry if this is a tangent, but:
>
> Could someone not use something like a Local Director or RND Networks
> Radware device? This is a hardware load balancing/fault tolerance solution
> that would show one mac/ip while shuffling traffic for multiple addresses.
> This eliminates the need for 3rd party software (like Vinca.. ichhhh...) and
> you get to use both boxes at the same time.
>
> (right now I would probably do the RADWare ISD or something, but Cisco
> claims their next release of local director will smoke the competition. We
> shall see...)
>
> -----Original Message-----
>
>
> I've got your point. Two ways come to my mind:
>
> 1. Two servers running in parallel. There you have two IP addresses/MAC
> addresses known by PIX. But for this approach the highav needs load
> balancing through dynamic routing (ospf would be an excellent choince).
>
> 2. Two server using any proprietary hot standby, which provides a pseudo (or
> virtual) MAC address to the PIX, so that take over from one server to the
> other is not perceived by the PIX.
>
> Sure the alternative is to drop PIX.:-)
>
> Regards
>
> Norbert Schaar
> Firewall Team - Network Security Services
> Dresdner Global IT Services - DreGIS
> Dresdner Bank AG
>
>
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNqeTiD7msCGEppcbAQHWbwf6An60RDzbMorxlS/QPY/R7jc+USxjI561
yCt2QRElKeJgHU+qM4UPQWgdZ0EB6K0AHesDaO7+4QjD3vgB4c+KEFfJHl2LtZQl
0Twa/MES4CC0JzZFminLOe85pnP/L2lBDVafw1HZ3uU8mHrr4CrlztYcMqjBODRc
EXooog82GZdicheqdSdGg1fpnpqWUU3I+grhsbSYrrQIiru6LsQMUgzawPxcygHG
UgBYjQKeJmo3hcMhqaWYz6UCrkjXoh7fLijQKJB5iqZT0neO2RO726E8FBAL8V/e
6sVkqBtdZBweaoEuLjQQyOd1IlB86sZQg2Xma2n4LeeWwcyvp8aOfw==
=B8Uu
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
