Create an Account
username: password:
 
  MemeStreams Logo

Help, I'm Stuck On Stupid

search
Home Agent Weblogs Social Network Post Help About

Hijexx
Picture of Hijexx
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Hijexx's topics
Arts
  Movies
   Documentary
  Electronic Music
Business
  Finance & Accounting
  Telecom Industry
Games
Health and Wellness
Home and Garden
Miscellaneous
  Humor
Current Events
Recreation
Local Information
Science
  Biology
Society
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
  Media
Sports
Technology
  Computer Security
  Linux
  High Tech Developments

support us

Get MemeStreams Stuff!


 
Help, I'm Stuck On Stupid
Topic: Computer Security 7:47 pm EDT, Sep 20, 2004

Trying to figure out something in a redundant firewall design. Two legged firewall design, two of everything. So two switches on the internal side of the cluster, two switches on the external side as well. Firewalls are running active/active. Internal switches are trunked together. External switches are trunked together. From top to bottom we have:

ExSwitchA ExSwitchB

FirewallA FirewallB

InSwitchA InSwitchB

Question is this: How can you cross connect, for example, the external switches so that ExSwitchA touches both FWA & B, and ExSwitchB touches both firewalls as well? Reason being if ExSwitchA fails, you still want B to throw packets at both firewalls.

I'm cooking up a few things in my mind but it gets ugly at layer 3. Assume that the firewalls cannot aggregate their links. Assume the clustering solution is a multicast software load balance solution. Assume OSPF is available.

I'm willing to live with "lose a switch, lose a firewall" and just have the firewall be fat enough to cope with the bandwidth but as an exercise I'm just trying to think about how to handle this.

Thread [5]


  
 
Powered By Industrial Memetics		RSS2.0