• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion for Firewall Fault Tolerance: Windows 2000 NLB versus RainWall article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Discussion for Firewall Fault Tolerance: Windows 2000 NLB versus RainWall article Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion for Firewall Fault Tolerance: Windows 2000 N... - 6.May2003 4:57:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussion of the Firewall Fault Tolerance: Windows 2000 NLB versus RainWall article at http://www.isaserver.org/software_reviews/rainwall.html.

Thanks!
Tom

[ May 06, 2003, 02:52 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 7.May2003 6:11:00 AM   
DCawthorn

 

Posts: 5
Joined: 1.May2003
From: Perth, Australia
Status: offline
I'm currently working on a design for a fault tolerant proxy server architecture for about 2500 desktops. Caching using CARP has been identified by the client as a requirement. I need to provide firewall client access for about 100 desktops and I also need to support chained branch proxy servers.

Does rainwall impact CARP?

Can nodes still be managed centrally as part of an array?

Will I still need the enterprise version of ISA?

PS Tom your first book is worth its weight in gold! [Smile]

(in reply to tshinder)
Post #: 2
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 7.May2003 3:01:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Dave,

Thanks for the kind words on the book! [Smile]

NLB and RainWall don't add much utility to CARP, because of how the algorithm works. When you configure the clients as Web Proxy clients, and the clients are using the autoconfig script, the clients perform the client side hash function and direct the request to the server responsible for the request. The servers must keep their dedicated addresses because the load balancing function of CARP assigns individiual servers in the array a percentage of the URLs in the total "URL space".

So, RainWall and NLB provide no added functionality to CARP, but it also doesn't hinder its function either. You should configure an array name and create three A records for that array name and enable DNS Round Robin. The clients will then work through the address list, but you have to make sure you whack negative DNS caching on the clients, or else they might not work through the list [Smile]

HTH,
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 2.Jun.2004 8:32:00 PM   
Guest
Might you be replying to this forum still... I have some questions regarding your article "NLB vs Rainwall"

Hope to hear back...

Kind Regards,
Hakan

(in reply to tshinder)
  Post #: 4
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 4.Jun.2004 1:46:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Hakan,

Sure, what's up?

Thanks!
Tom

[ June 04, 2004, 01:47 AM: Message edited by: tshinder ]

(in reply to tshinder)
Post #: 5
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 9.Jun.2004 3:44:00 PM   
Guest
Awesome [Smile] ...

Ok here's the question...

I read your article about Microsoft NLB on W2k vs Rainwall...

The only thing i wasn't sure about in your article was that you said that a problem you've come across with Windows NLB is that if a situation comes up where a server responds back to say a ISA Firewall in a Microsoft NLB array that the packet might not go to the same ISA server that the request originated from and that this would cause a broken connection...

Is there a way around this with Microsoft Windows 2003 NLB vs Windows 2000 NLB and or does this problem still exist, and if it does is there a way around it...

Thank you so much

Kind Regards,
Hakan

(in reply to tshinder)
  Post #: 6
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 19.Jun.2004 1:02:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Hakan,

The problem can be fixed by using bidirectional affinity. However, its not officially supported for ISA 2000 and ISA 2004 Standard Edition. However, there is a hack that might make it work. If you write to me at tshinder@tacteam.net I'll send you some information on how you might approach fixing this problem.

HTH,
Tom

(in reply to tshinder)
Post #: 7
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 20.Jul.2004 10:50:00 AM   
Guest
Hi Tom/all,

We are looking to configure an ISA 2004 cluster on Win2K3 using NLB also. Are details of the "work-around" for NLB on ISA 2004 SE available anywhere?

Many thanks
Justin

(in reply to tshinder)
  Post #: 8
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 3.May2006 2:38:38 PM   
jeanblu

 

Posts: 17
Joined: 12.Feb.2004
From: Brasil
Status: offline
I´ve a problem in my strutcture and would like a little help.
My ISP link is saturated and now we have adquired a DSL link to add to my structure.
I would like to know if there´s a way to redirect a specified protocol to use this DSL connection. But only the specified protocol, and not all the outbound traffic.
Someone ?

Thanks

(in reply to tshinder)
Post #: 9
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 24.Jul.2006 5:17:21 PM   
mancru

 

Posts: 3
Joined: 21.Jul.2006
Status: offline
Hi Tom

I almost have the same problema as "jeanblu". I want to split HTTP, HTTPS, FTP in one network and SMTP on the other one. Currently I have one card with a public IP pointing to one provider. A second card that is pointing to my internal network and I already added a third card with a private address different to my internal network that is pointig to the router provided by a Second internet provider. I wish to know if Rainconnect product can solve this situation. 

Please Help

(in reply to jeanblu)
Post #: 10
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 25.Sep.2006 2:20:44 PM   
raedaljarrah

 

Posts: 227
Joined: 15.Jul.2001
From: Qatar
Status: offline
Hi Dr. Tom,

Thanks for the interesting article about RainWall for ISA server

We have lots of issues trying to configure NLB on both internal and external interfaces on our two-node ISA 2004 array

My first question is that does the same limitation apply for ISA 2004 Ent array running on Windows Server 2003 Enterprise edition as well?

Thanks

_____________________________

Eng. Raed Al-Jarrah

(in reply to tshinder)
Post #: 11
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 12.Oct.2006 6:15:24 AM   
Snakle

 

Posts: 2
Joined: 12.Oct.2006
Status: offline
Hi,

I have been tasked with configuring a new ISA installation using ISA2006, My question is related to the above topic but I am also looking for some advice concerning application of the proposed solution.

We are presently using a MPLS network and the company would like to be in a position where they can failover between sites eg, Site A will failover to Site B if Site A's Internet connection were to fail. I guess I am interested in finding out whether RainFinity products will support such an installation or whether ISA 2006 enterprise will be the only way to go.

I look forward to your reply and or suggestions.

Neil


(in reply to raedaljarrah)
Post #: 12
RE: Discussion for Firewall Fault Tolerance: Windows 20... - 12.Oct.2006 6:27:24 AM   
Snakle

 

Posts: 2
Joined: 12.Oct.2006
Status: offline
Hi,

Hi, Tom

I have been tasked with configuring a new ISA installation using ISA2006, My question is related to the above topic but I am also looking for some advice concerning application of the proposed solution.

We are presently using a MPLS network and the company would like to be in a position where they can failover between sites eg, Site A will failover to Site B if Site A's Internet connection were to fail. I guess I am interested in finding out whether RainFinity products will support such an installation or whether ISA 2006 enterprise will be the only way to go. Also in your minds eye what would be the best way of implementing said solution as I am more interested in the HA side than the NLB side.

I look forward to your reply and or suggestions.

Neil

(in reply to tshinder)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Discussion for Firewall Fault Tolerance: Windows 2000 NLB versus RainWall article Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts