Firewall-1

Re: [FW-1] Long Distance Redundancy

Subject: Re: [FW-1] Long Distance Redundancy
From: GoddardM AT SCHNEIDER DOT COM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 22 Dec 2004 14:13:50 -0600
I have seen this done, there are some parameters you can set so that the
clustering software (depending on what you use, Stonebeat and ClusterXL for
sure) gives more time for latency. The only issue you would have is with
actual packet loss, which will cause them to flip as soon as an interface
goes down, unless you mark that as an interface not to be monitored.
You'll also need to consider the state synch: are you going to do it or
not? My advice, if going over WAN, would be to not do it and just plan on
losing state sessions if you have to fail.
Generally, you don't want a situation where your latency is over 500ms with
1-2 packet loss (or none at all). I have heard of up to 5% packet loss at
times being OK, but in practice no way.
If you turn off state synch, the latency effects on the cluster should be
minimal. You're mostly relying on that WAN line at that point. Perhaps a
baseline of the OC3/12 first before you make the decision?

Regards,
Matt Goddard
Security Information Team
"To find out what one is fitted to do and to secure an opportunity to do so
is the key to happiness."
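The "baseline the circuit first" suggestion, as an added example that is not part of the original post: a Python script that reads the output of a standard `ping` run from one data center to the other and reports whether the link stays inside the latency and loss figures given in the reply. The ping lines are constructed, the 10.2.0.1 address is a placeholder, and reading the reply's "1-2 packet loss" as a 2% loss ceiling is an assumption.

```python
import re
import statistics

# Thresholds from the reply above: latency should stay under 500 ms and
# packet loss at or below 1-2%. Treating "1-2" as a 2% ceiling is an
# assumption made for this example.
MAX_RTT_MS = 500.0
MAX_LOSS_PCT = 2.0

# Per-reply line from Linux-style ping (SPLAT is Linux based), e.g.
# "64 bytes from 10.2.0.1: icmp_seq=3 ttl=60 time=41.2 ms"
REPLY_RE = re.compile(r"icmp_seq=(\d+).*?time=([\d.]+) ms")
# Timeout lines such as "no answer yet for icmp_seq=6" still carry a sequence number
SEQ_RE = re.compile(r"icmp_seq=(\d+)")
# Trailing summary, preferred for the transmitted count when present
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+) received")

# Constructed sample: ~40 ms circuit with one lost packet and one latency spike
SAMPLE_PING = """\
PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data.
64 bytes from 10.2.0.1: icmp_seq=1 ttl=60 time=38.4 ms
64 bytes from 10.2.0.1: icmp_seq=2 ttl=60 time=39.1 ms
64 bytes from 10.2.0.1: icmp_seq=3 ttl=60 time=37.9 ms
64 bytes from 10.2.0.1: icmp_seq=4 ttl=60 time=612.0 ms
64 bytes from 10.2.0.1: icmp_seq=5 ttl=60 time=38.8 ms
no answer yet for icmp_seq=6
64 bytes from 10.2.0.1: icmp_seq=7 ttl=60 time=40.2 ms
64 bytes from 10.2.0.1: icmp_seq=8 ttl=60 time=38.0 ms
64 bytes from 10.2.0.1: icmp_seq=9 ttl=60 time=39.5 ms
64 bytes from 10.2.0.1: icmp_seq=10 ttl=60 time=38.7 ms

--- 10.2.0.1 ping statistics ---
10 packets transmitted, 9 received, 10% packet loss, time 9012ms
"""


def parse_ping(output):
    """Return (sent, replies) where replies maps icmp_seq -> RTT in ms.

    'sent' comes from the summary line when ping printed one; otherwise
    the highest sequence number seen (ping numbers from 1) is used, so an
    interrupted run without a summary is still usable."""
    replies = {}
    max_seq = 0
    sent = None
    for line in output.splitlines():
        m = SUMMARY_RE.search(line)
        if m:
            sent = int(m.group(1))
            continue
        m = REPLY_RE.search(line)
        if m:
            seq, rtt = int(m.group(1)), float(m.group(2))
            replies[seq] = rtt  # a duplicated reply is not counted twice
            max_seq = max(max_seq, seq)
            continue
        m = SEQ_RE.search(line)
        if m:
            max_seq = max(max_seq, int(m.group(1)))
    return (sent if sent is not None else max_seq), replies


def baseline(output, max_rtt_ms=MAX_RTT_MS, max_loss_pct=MAX_LOSS_PCT):
    """Summarise a ping run and decide whether the circuit is inside the
    thresholds. 'ok' is False when any threshold is broken; 'reasons' says which."""
    sent, replies = parse_ping(output)
    if sent == 0:
        raise ValueError("no ping samples found in output")
    rtts = sorted(replies.values())
    received = len(rtts)
    loss_pct = 100.0 * (sent - received) / sent
    report = {
        "sent": sent,
        "received": received,
        "loss_pct": loss_pct,
        "rtt_avg": statistics.mean(rtts) if rtts else None,
        "rtt_p95": rtts[int(0.95 * (received - 1))] if rtts else None,
        "rtt_max": rtts[-1] if rtts else None,
    }
    reasons = []
    if loss_pct > max_loss_pct:
        reasons.append(f"loss {loss_pct:.1f}% exceeds {max_loss_pct:.1f}%")
    # Judge latency on the worst sample: one late heartbeat is enough for a
    # cluster member to suspect its peer, so the average alone hides the risk.
    if report["rtt_max"] is None:
        reasons.append("no replies received")
    elif report["rtt_max"] > max_rtt_ms:
        reasons.append(f"max RTT {report['rtt_max']:.1f} ms exceeds {max_rtt_ms:.0f} ms")
    report["ok"] = not reasons
    report["reasons"] = reasons
    return report


if __name__ == "__main__":
    for key, value in baseline(SAMPLE_PING).items():
        print(f"{key}: {value}")
```

For a real baseline, capture a long run between the two sites (for example `ping -c 1000 <standby-peer> > ping.txt`) during a busy period and pass the file contents to `baseline()`; a run that passes at 3 a.m. but fails at noon tells you more about the circuit than a single short sample.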



From: Douglas Sawyer <SAWYEDG AT TRINITY-HEALTH DOT ORG>
Sent by: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLIST AT AMADEUS.US DOT CHECKPOINT.COM>
Date: 12/22/2004 10:16 AM
Please respond to: Mailing list for discussion of Firewall-1
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc:
Subject: [FW-1] Long Distance Redundancy

Has anyone split a cluster over long haul circuits in a hot standby
role?  I am wondering if this would work if I had an OC3/OC12 connecting
them together over 700-plus miles.

I have two data centers; rather than create a separate unique cluster
in each, I would prefer to split one cluster between them. I plan on
doing this for my redundant management stations anyway, but I wonder what
effects the latency would have on the cluster. I am using SPLAT so VRRP
is not used.

I do not plan on load balancing, standby only.

Douglas Sawyer
sawyedg AT trinity-health DOT org
Sr. Security Analyst
Office 248-489-5016
Pager 248-523-7977

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
