On Tue, May 9, 2006 8:18 am, Hisham Mardam Bey said: > On 5/8/06, Daniel Hartmeier <[EMAIL PROTECTED]> wrote: >> If somewhat inprecise limits are acceptable, the most simple solution is >> to only guarantee >> >> X + Y <= 2*N >> >> by limiting both firewalls to N connections. You guarantee the client N >> connections (no matter where they flow through), and count the >> difference between N and 2*N as imprecision. That might sound awfully >> imprecise at first, but in most cases, is good enough. >> >> Maybe you can explain why you need precisely N, what value N would >> typically have, and why 2*N would be unacceptable. > > Daniel, the X + Y <= 2*N idea is fine actually. The way I see it, I > can either do that, or keep each client going through one of my > backends only (that way I use a static approach to divide my clients > across the backends using the bridge). Typically, we are looking at > around 20 sessions per client.
If you know they can get states from both machines, you could limit that imprecision some. For instance, if X = Y = 0.75N, then X + Y <= 1.5N. That would allow a single client to probably have between 0.75N and 1.5N connections, maximum. I probably wouldn't set X and Y to 0.5N though; then they *have* to use both gateways, and balance their connections evenly between them. But you can play with the numbers and see what limits you actually get, and compare that to what you need to be able to do. Daniel T. Staal --------------------------------------------------------------- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---------------------------------------------------------------
