[Sidewinder] BigIP

Sidewinder moderated discussion list sidewinder at adeptech.com
Wed May 7 11:40:16 EDT 2008 

I've used a BigIP system before for load balancing across a firewall, 
but never a Sidewinder.

The BigIP box I used was fairly simple to configure, but added another 
layer of routing.  It was also expensive compared to some other load 
balancing devices.

I've performed performance testing of a Sidewinder G2 previously and it 
flies.  IMHO, I would recommend only using a load balancing device ONLY 
when you have an environment where a single firewall can not handle the 
job (ie, your network pipe is at least 300-400Mbps).  If you need a 
fail-over solution, use an HA sidewinder design.

The problem with load balancers, is that they add a significant level of 
complexity to a firewall design, they add another level of failure, and 
I haven't seen a load balancing design that can support a third-security 
zone like a DMZ.

When I performed Sidewinder testing, I found that the Sidewinder MTA, 
Sendmail, was VERY slow and added too much load to the firewall.  If you 
run ANY MTA on the firewall, other concerns such as disk space and disk 
I/O now become a major issue as the firewall can easily backup with mail 
that can not be delivered and it must also hold all of the mail until it 
can be delivered.  An MTA on a firewall with any significant throughput 
is not the best design, IMO.  The Sendmail MTA could do at most ~23 
simultaneous emails when I tested.  To get this throughput you actually 
have to tweak the MTA to accept email no matter what.  The result is 
that the Sidewinder was crushed handling email.  Sendmail is a great 
MTA, but a huge resource hog.

As a result, you now have the SMTP proxy you can use.  I've tested it 
and was able to get 300-400 simultaneous emails with no significant 
performance hit.  As a matter of fact, it appeared that I was only 
limited by the 100Mbps line that I was using.

I was testing using the 2 processor Sidewinder that is 2U high.  Now 
referred to as the 2150 and was running 6.X code.

Sidewinder moderated discussion list wrote:
> Has anyone used BigIP boxed in front of Sidewinder?
> 
> 
>       ____________________________________________________________________________________
> Be a better friend, newshound, and 
> know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
> _______________________________________________
> Sidewinder mailing list
> Sidewinder at adeptech.com
> http://mail.adeptech.com/mailman/listinfo/sidewinder

More information about the Sidewinder mailing list