[load balancing] Alteon and Firewall load balancing...

From: CihanSIZZATgaranti.com.tr
Date: Thu Jul 01 2004 - 10:28:49 EDT


Hi,

I am doing FLB with 2 alteons on top and 2 down...And I am using
Nokia+CKP NG as firewall. When I turn on SynDefender on firewall my drop
rate increases dramatically due to syn defense. Firewall assumes most of
the requests syn attack and rejects the connections..

The log entry on firewall is, "SmartDefense warning syn-->syn
ack-->timeout"

I have talked to checpoint they mentioned that this could be because of
the alteon behaviour when doing load balancing. Anybody has ever
encountered such a problem....And how can I prevent it?

Thanks

***********************************************************
Cihan SUBASI
Garanti Technology
Internet ve Yazilim Hizmetleri
Tel:(90)(212)4783426 GSM:(90)(533)(2750353)
Fax:(90)(212)6576150
http://www.garantitechnology.com <http://www.garantitechnology.com/>
mailto:cihansIZZATgaranti.com.tr
Success is a wonderful thing, but never underestimate the value of
failure. Failure teaches many more things than success ever can.
***********************************************************


This message and attachments are confidential and intended solely for the individual(s) stated in this
message.If you received this message although you are not the addressee you are responsible to keep the
message confidential .The sender has no responsibility for the accuracy or correctness of the
information in the message and its attachments.Our company shall have no liability for any changes
or late receiving,loss of integrity and confidentiality,viruses and any damages caused in
anyway to your computer system.

Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi/kisilere ozeldir ve gizlidir.Bu mesajin muhatabi
olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin gizliligi ve bu gizlilik yukumlulugune
uyulmasi zorunlulugu tarafiniz icin de soz konusudur.Mesaj ve eklerinde yer alan bilgilerin dogrulugu ve
guncelligi konusunda gonderenin ya da sirketimizin herhangi bir sorumlulugu bulunmamaktadir.Sirketimiz
mesajin ve bilgilerinin size degisiklige ugrayarak veya gec ulasmasindan, butunlugunun ve gizliliginin
korunamamasindan, virus icermesinden ve bilgisayar sisteminize verebilecegi herhangi bir zarardan
sorumlu tutulamaz.
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com



This archive was generated by hypermail 2.1.4 : Tue Jul 13 2004 - 03:42:48 EDT