three firewalls

The three data networks in the LIC are controlled by three firewalls. These are named ifw01, ifw02 and ifw03.

ifw01 and ifw02 work as a team, handling business traffic. They are connected to both the biz01 and biz02 networks. If ifw01 breaks down, ifw02 takes over its work. This provides HA (High Availability).

ifw03 only deals with administrative traffic. It is connected to the adm01 network. Unlike the business network, the administrative network has no backup.

what it is

Three firewalls (ifw01, ifw02 and ifw03) are the traffic cops that control the three data networks. I made these firewalls by taking general-purpose IBM PCs and adding a firewall application to them.

Two firewalls control business traffic. They work as a pair. Firewall ifw01 does all the work. If it breaks, ifw02 does all the work. To make this work, each firewall has to be connected to both the biz01 and biz02 networks.

Business traffic in the LIC is carried by two data networks, named biz01 and biz02. This provides HA. The biz01 network does all the work. If biz01 breaks then the biz02 network does all the work.

Administrative traffic is separated from business traffic by adding a third data network to the LIC, named adm01. The firewall ifw03 controls the adm01 network.

The three networks are colour coded.

All three networks (biz01, biz02 and adm01) have the same layout. Colour coding of the network cables helps me tell them apart.

the simple view

The simple firewall diagram above shows one firewall placed in the middle of each of the three data networks. It's so clean and simple. And so wrong. Each business firewall has to be attached to both business networks.

It is easier to gloss over the wrong bits than to face up to the complex diagram below. Glossing over the wrong bits allows a diagram that looks very much like the diagram for the three ethernet switches.
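Why the simple view is wrong can be shown with a small model. The following Python sketch is an added example, not part of the original page. It goes one step beyond the text by checking every combination of one failed firewall and one failed network. Only the firewall and network names come from the page; the dictionaries and function names are assumptions made for illustration.

```python
from itertools import product

# Attachment maps built from the page's description (constructed data).
# SIMPLE: one firewall per network, as in the clean but wrong diagram.
SIMPLE = {"ifw01": {"biz01"}, "ifw02": {"biz02"}}
# CROSS: each business firewall attached to both business networks.
CROSS = {"ifw01": {"biz01", "biz02"}, "ifw02": {"biz01", "biz02"}}

NETWORKS = ("biz01", "biz02")


def working_paths(attach, failed):
    """Return (firewall, network) pairs still able to carry business traffic."""
    return [(fw, net)
            for fw, nets in sorted(attach.items())
            for net in sorted(nets)
            if fw not in failed and net not in failed]


def single_failure_ok(attach):
    """True if any single failed component still leaves a working path."""
    components = list(attach) + list(NETWORKS)
    return all(working_paths(attach, {c}) for c in components)


def outages(attach):
    """List each firewall-plus-network failure pair that leaves no path."""
    return [(fw, net)
            for fw, net in product(sorted(attach), NETWORKS)
            if not working_paths(attach, {fw, net})]


if __name__ == "__main__":
    for name, attach in (("simple", SIMPLE), ("cross-connected", CROSS)):
        print(name, "survives any single failure:", single_failure_ok(attach))
        print(name, "outage combinations:", outages(attach))
```

Both layouts survive any single failure, but in the simple layout a firewall failure forces a network failover as well, so losing ifw01 together with biz02 (or ifw02 together with biz01) stops business traffic. With each firewall attached to both networks, firewall failover and network failover are independent.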

the complex view

The topology diagram below shows the three firewalls, their connections to the ethernet switches and the network cable colours.

The diagram shows six switches, not three. This is explained in the VLANs page.


