Re: Speeds and feeds

From: Bruce B. Platt (Bruce.Plattat_private)
Date: Fri May 29 1998 - 13:06:48 PDT


    At 02:06 PM 5/26/98 -0400, Stout, Bill wrote:
    
    After thinking about this for a few minutes, and reading the previous responses:
    
    I thought Thomas H. Ptacek's suggestion to look at the actual data on line
    use was right on the money.
    
    I'd want to see that they are actually saturating their T1.  
    
    Alphas are great fw machines, especially running the AltaVista Product, and
    I've never seen any of our customers get saturated, but I wouldn't just
    throw HW at it.
    
    The IP address depletion is simplest to fix by giving them a FW that will let
    them use RFC 1597/1918 addresses behind it.  In today's address space, it's
    hard for most organizations to deplete the 10 network!  Your comment about
    their internal machines being hit by external packets would be troubling to me.
    
    Regards,
    
    Bruce
    
    
    
    
    
    ->
    ->I'm working with a company currently using a T1 which becomes very
    ->sluggish when engineers do many FTP and HTTP sessions through a state
    ->firewall on a Netra-1 (firewall is not a bottleneck).  They're thinking
    ->of upgrading to a T3 with a fast proxy server (+ VPN) since they also
    ->are running out of IPs, and internal systems are getting hit by external
    ->packets.
    ->
    ->My knee-jerk reaction is to use a very fast CPU system (600MHz Alpha)
    ->and Altavista FW with 100Mbps cards.
    ->                    webservers
    ->                         |
    ->  Internet--(T3)---R1---FW---+----R2----Internal LAN
    ->                            VPN
    ->                         Tunnel Svr
    ->
    ->I'm wondering about alternatives to the situation, one is multiple T1s
    ->coming into a set of BGP net for redundancy, and to partition FTP/HTTP
    ->proxies on one server, and remaining traffic on a second server
    ->(allowing future cluster or fail-over via scripts and IP failover of
    ->secondaries).  Although this actually may be cheaper, faster and more
    ->reliable, it's more complex, and harder for the company to fix if it
    ->dies (fails into a degraded mode).  Also most local traffic may route
    ->through a single T1, and they may inadvertently become an Internet
    ->eXchange.
    ->
    ->    Internet
    ->    | | | 
    ->   (n+1 T1s)
    ->    | | | 
    ->  Cisco 2500s
    ->    | | | 
    ->  Hub/switch
    ->    |    |
    -> FW-A   FW-B
    ->
    ->FW-A could be used for outbound client system access, and FW-B could be
    ->used for inbound/server protocols (VPN, webserver SQL, NTP, SMTP, DNS,
    ->etc).  A dual-subnet webfarm could connect to third interface on both.
    ->Hmm, too complex maybe.
    ->
    ->Opinions?
    ->
    ->Bill Stout
    ->
    ->
    ->
    +--------------------------------------+
    Bruce B. Platt, Ph.D.
    Comport Consulting Corporation
    78 Orchard Street
    Ramsey, NJ 07446
    Phone: 201-236-0505  Fax: 201-236-1335
    bbpat_private, bruce@ bruce.platt@
    


