You might want to consider a load balancing solution like the 
CS100 by Arrowpoint.com as it has a CERN compliant firewall
feature-set inherent in its IOS.  It has both the
Local & Distributed director features and is ultra fast.

I'm not saying dump your current firewall, but you may want
to consider an extra layer of filtering prior to the servers
you wish to load balance.

The stickiness issue you (someone) described is due to mega
proxies that assign a new IP when the user makes an SSL connection.
Most people get through this by encoding a cookie field in the URL
and then having the load balancing solution examine the URL
for that cookie string.  Then the load balancing solution
keeps the user to the same server even though a new IP address
has appeared.

Shout if I'm mistaken.

        Joey

-----Original Message-----
From: Jonathon William Ross [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 25, 2000 2:27 PM
To: Ryan Russell
Cc: [EMAIL PROTECTED]
Subject: Re: Load Balancing (Enough Already)


This can cause problems if you are using stateful filtering.

Products such as PIX, however, can work in a redundant fashion.
This means if one PIX falls over, the other PIX takes over its
states.

However, firewalls are not for high-tech load balancing.  Look
at Cisco LocalDirector and Distributed Director, and F5 Networks
BIG/ip and 3DNS products if you want stateful failover of 
layer 7 information.

                        JWR




On Fri, Feb 25, 2000 at 09:31:12AM -0800, Ryan Russell said:
--> On Fri, 25 Feb 2000, It's The Zoooomer wrote:
--> 
--> > The only problem with Round Robin load balancing is
--> > stickiness... What happens when you load something in
--> > a shopping cart and the secure server goes belly up
--> > and another one takes over.. Do you
--> > re-authenticate...?
--> > 
--> 
--> For that type of application, the balancing problem gets pushed back to
--> the database servers, which all have their own unique HA/Balancing
--> solutions.
--> 
-->                             Ryan
--> 
--> -
--> [To unsubscribe, send mail to [EMAIL PROTECTED] with
--> "unsubscribe firewalls" in the body of the message.]

-- 
+---------------------------------------------------+----------------------+
| Jonathon W. Ross                                  | Web:  www.isa.net.au |
| Systems Administrator                             | Tel: +61 2 6230 4444 |
| Internet Solutions Australia Pty Ltd              | Fax: +61 2 6230 4455 |
| Wholly Owned Subsidiary of Ramsgate Resources Ltd | ACN:     086 692 211 |
+---------------------------------------------------+----------------------+
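
The URL-cookie stickiness described in the reply at the top of this thread, as an added example that is not from any poster or from any load-balancer product: it routes one session whose source IP changes on every request, first with source-IP persistence and then with persistence keyed on a token in the URL. The class, the `sid` parameter name, the addresses and the server names are all constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

SESSION_PARAM = "sid"  # hypothetical name of the cookie field carried in the URL


class StickyBalancer:
    """Pins clients to a backend by source IP ("ip") or by URL token ("url")."""

    def __init__(self, backends, mode):
        self.backends, self.mode = list(backends), mode
        self.table = {}    # persistence key -> backend
        self.down = set()  # backends currently failing health checks
        self.rr = 0        # round-robin cursor for new keys

    def _next_backend(self):
        for _ in self.backends:
            backend = self.backends[self.rr % len(self.backends)]
            self.rr += 1
            if backend not in self.down:
                return backend
        raise RuntimeError("no healthy backend")

    def _key(self, client_ip, url):
        if self.mode == "ip":
            return "ip:" + client_ip
        token = parse_qs(urlsplit(url).query).get(SESSION_PARAM, [None])[0]
        return None if token is None else "sid:" + token

    def route(self, client_ip, url):
        key = self._key(client_ip, url)
        if key is None:                  # no token yet: plain round robin
            return self._next_backend()
        backend = self.table.get(key)
        if backend is None or backend in self.down:
            backend = self.table[key] = self._next_backend()
        return backend


def demo():
    # Constructed input: one SSL session whose source IP changes per request.
    url = "https://shop.example/cart?sid=abc123"
    proxy_ips = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]
    pool = ["web1", "web2", "web3"]
    by_ip, by_url = StickyBalancer(pool, "ip"), StickyBalancer(pool, "url")
    return ([by_ip.route(ip, url) for ip in proxy_ips],
            [by_url.route(ip, url) for ip in proxy_ips])


if __name__ == "__main__":
    print(demo())
```

With source-IP persistence the three requests land on three different servers; with the URL token they all stay on the first one, and a session is only re-pinned when its server is marked down.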

