Re: [FW1] Large number of Static Routes on a Sun box

Sun, 16 Jul 2000 16:51:26 -0700 


I'm not a Sun guru and they do do some goofy things. But the major
differences between a big Sun and a big Cisco here are fast-switching
on the Cisco and the firewall policy on the Sun. Those two aside, routing
is routing. You go from specific to general and when you hit a matching
rule you stop.

So I'd look at how many specific rules you have to go through before the
majority of your traffic gets processed, both in the routing table and in
the policy. You might be able to optimize either or both further.

I'd also look at the type of traffic -- few big sessions (FTP) would be
sped up by the Cisco because of fast-switching. But lots of small sessions
(HTTP) wouldn't benefit by much, IMO.

HTH
-- 
Jack Coates, Rainfinity SE
t: 650-962-5301 m: 650-280-4376


On Sun, 16 Jul 2000, William J Husler wrote:

> 
> We have a firewall (FW-1 v4) running on a Sun ES450 that connects numerous
> subsidiary networks. As a result of the divergent networks involved (as well
> as address translation in some cases), we have add a number of static
> network routes (and static host routes) to the firewall. We are currently up
> to almost 200 lines in the routing table. This firewall is experiencing
> through-put problems (at least everyone is pointing fingers at it) and the
> vendor (Sun) tech support has stated that it could be caused by this large
> number of static routes. Has anyone else experienced this scenerio or have
> experience with a large routing table on a Sun box? One comment I
> particularly did not like was "It's not a router you know". Just what do
> they think a firewall does anyway?
> Bill
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to