Date: Fri, 10 Aug 2001 12:19:25 +0200
From: Vadim Belman <voland@lflat.org>
To: freebsd-security@FreeBSD.ORG
Subject: Re: distributed natd
Message-ID: <20010810121922.E47532@unlink.catpipe.net>
In-Reply-To: <200108100225.MAA23117@tungsten.austclear.com.au>; from ahl@austclear.com.au on Fri, Aug 10, 2001 at 12:25:04PM +1000
References: <20010810032158.T3889@gnjilux.cc.fer.hr> <200108100225.MAA23117@tungsten.austclear.com.au>

On Fri, Aug 10, 2001 at 12:25:04PM +1000, Tony Landells wrote:
> > I'm not sure I understood correctly - what are you aiming for? The
> > performance increase due to two firewalls simultaneously processing
> > traffic or the redundancy of having one firewall take over if the
> > other fails?
> >
> > If it's the latter, I believe there are simpler solutions than
> > rewriting natd.
>
> Mostly the latter, with an additional (side benefit) of the former.
>
> We have several "long-term" connections for application services
> that go through our firewall(s). At the moment if one of the firewalls
> went down we'd have a major exercise to change DNS, restart services,
> and so on to switch everything across.
>
> If we were using "virtual" addresses then the switchover would be
> more or less transparent.
>
> However, we don't have a one-to-one mapping between internal addresses
> and external addresses, so there is a chance that the mapping one
> firewall would choose wouldn't be the same as that chosen by the
> second.
>
> Hence my suggestion.
>
> The side benefit is that I could then look at, for example, using
> dynamic routing to get equal cost paths through each box for load
> sharing when they're both up.

I would point you to http://www.f5.com. Price might be of some
concern here, of course, but BIG-IP is a really good solution here.

--
/Voland Vadim Belman
E-mail: voland@lflat.org