Yes CARP/LACP layer2 load balancing was my first preference of design. There is a very expensive Alcatel-Lucent 7750 on the upstream(red) side that these machines are plugged into which does our BGP session handling to our peer among other carrier things. These boxes whilst very capable - are esoteric when you want to any sort interactive inspection of L3 traffic, and I enjoy having the flexibility and familiarity of OpenBSD on the FW.
In our existing setup I have noticed that with the existing SUN v215 OBSD box ends up being the pinch point - especially when we have multicast running internally it becomes very noticeable wrt Latency and Throughput. Sounds like I should retire the v215 - I was hoping I might be able to prolong it's life as part of the HA setup; it boots very quickly in comparison to the HP hardware something quite useful in a Firewall - but seems I should perhaps put a Soekris or something else in-line for that purpose. Kind regards -Joel On 5 December 2012 11:27, Loïc BLOT <loic.b...@frostsapphirestudios.com> wrote: > Hi Joel, > You can mix several architectures, that's not a problem for firewall and > routers, IP is OS arch independant. > The thing you must consider is packet processing. Some architectures are > fast to process for packets than other (with equivalent perfs on paper). > If you doesn't need low latency, you don't have to consider this thing. > Do you want to make a load balanced infrastructure (like CARP LB) ? > > -- > Cordialement, > Loïc BLOT, expertise en systèmes UNIX, sécurité et réseaux > Frost Sapphire Studios > > Le mercredi 05 décembre 2012 à 10:15 +1300, Joel Wirāmu Pauling a > écrit : > >> Kia ora/hello, >> >> I am currently redesigning one of our border edge Firewalls and want >> to split the existing SPARC64 v215 into several DL140's in an HA - >> Active/Load-balanced configuration. >> >> The Sparc64 hasn't been without issues - and is currently running 4.9 >> release + some patches and is due for a re-install in any-case. >> >> My question is whether or not it is considered a 'good idea' to mix >> and match Archs. Effectively The question is if it is worth retaining >> the v215 alongside the two dl140's as part of the border FW solution. >> >> >> question to determine if : >> >> a) Anyone is doing this? (mixing amd64/i386/sparc64) >> b) Gotcha's >> c) If this is generally considered a 'good idea'? >> >> >> >> Kind regards >> >> -Joel >> >> http://gplus.to/aenertia >> http://linkedin.com/in/aenertia >> @aenertia
