Active/Active ClusterXL unicast mode

[cciesec2006]

scenario:

I have a pair of NG with AI R55 hfa_20 SPLAT firewalls
running in Active/Active ClusterXL unicast mode.

gw1 is a Dell dual P-Iv 2.8Ghz processors with 2GB of
RAM. gw2 is a single P-III 1.3Ghz processor with 512MB
of RAM. Currently, I have gw1 as the pivot node:

[Expert@GW1]# cphaprob state

Cluster Mode: Load Sharing (Unicast)

Number Unique Address Assigned Load State

1 10.1.1.1 30% active (pivot)
2 (local) 10.1.1.2 70% active

[Expert@GW1]#
[Expert@GW2]# cphaprob state

Cluster Mode: Load Sharing (Unicast)

Number Unique Address Assigned Load State

1 (local) 10.1.1.1 30% active (pivot)
2 10.1.1.2 70% active

[Expert@GW2]#

Since the cluster members do not have identical processors
and memory, is it recommended to make gw2 the pivot node
so that it can handle less load than gw1? Because gw1 has
faster processor and more memory, it should handle 70%
of the load.

Is this the correct assumption? Thanks.

[Routerkid1]

That should be fine for a network with not alot of connections.

[cciesec2006]

what about for a network with a lot of connections?

[Routerkid1]

You want about 256 MB of Ram for about every 25000 connections. Just be smart with the rulebase. Put the most used rules at the top and enable full duplex on the switches and firewall interfaces and you will be fine. If you can get the Ram up to 1 GB that would be better.

[cciesec2006]

I think you're missing the point of my question. What I am asking is that,
given the situation that I have, which node should be used as the "pivot"
node?

"You want about 256 MB of Ram for about every 25000 connections. Just be smart with the rulebase. Put the most used rules at the top and enable full duplex on the switches and firewall interfaces and you will be fine. If you can get the Ram up to 1 GB that would be better."

I am aware of all the things you mentioned above.