Sense of scale would probably have been a smart thing to mention!
Relatively smallish operation in traffic terms at the moment, <10Mb/sec
bandwidth most of the time. It seems like even the entry level load
balancers are capable of 1Gbps. I think we're seeing about
40-50 reqs/sec at peak, more if we're being scraped. Something like 60
sites behind 2 VIPs, mostly on 1, sites are Tomcat instances hosted on 4
servers. I need lots of overhead for site growth though, we create and
deploy new applications on a regular basis.
Most of the sites use SSL to a fair extent due to the nature of the
content, so SSL termination is a must as far as I'm concerned, I want to
keep that as close to the edge as possible. No point wasting horsepower
on servers inside the network if it's not necessary! IPv6 would be
pretty much essential now. We're not doing it currently but aim to be
doing so in < 6 months at the edge, preferably less!
Zeus used to do hardware load-balancers, it looks from their site that
they've gone down the all-software route which I find an interesting
step. I guess it plays into the "cloud" thing quite well. If it's easy
to set up and performs well I see no reason to ditch our existing
servers that we use for load-balancing. Must admit I may be slightly
blinkered in that I fairly quickly dismissed the idea of software load
balancing from a vendor and was focussing a bit more on physical appliances.
Paul
On 11/14/2010 2:17 PM, Alexei Rodriguez wrote:
As with everything, it all depends on what you are looking for. Not
all vendors have implemented the same feature the same ways.
For example, we have a product at $WORK which needs to use the same IP
from the VIP as the SNAT; some products assume that VIPs are inbound
IP only and that you would use another set of IP addresses for
outbound connections.
Different products have different limitations; bandwidth is usually
not the first wall you hit. If your needs are relatively modest (a few
dozen VIPs, SSL termination, L4-7) then any of these products should
be able to do what you need.
However, if you want additional features (such as global traffic
management, IPv6 support, advanced load balancing algorithms, custom
rules or health checks), then you will need to make sure you detail
your requirements and hit each vendor up for these.
We have recently been testing different solutions (to make sure we are
really getting the best bang for our buck and keeping up with our
evolving requirements); among the platforms tested:
* F5: this is the current default in our shop. We use the GTM & LTM
features. We have had a couple of bumps along the road, but these just
work. The VM version is worth considering if you already have an
existing VM infrastructure and don't need significant throughput (>1Gbps).
* A10: from the Foundry lineage, but very affordable. Includes LTM/GTM
functionality with the base license (nice). VM version is supposedly
coming soon.
* Zeus: software only (you provide the HW), but it is high
performance. On modern Intel hardware it can do some serious SSL
termination in software. Definitely worth a look.
Thankfully this technology has matured, so few of the vendors would be
"risky" in terms of stability and performance.
Alexei
On Fri, Nov 12, 2010 at 4:30 PM, Nicholas Tang <[email protected]> wrote:
We're a Citrix Netscaler shop, and we've had good luck with them.
They're not perfect, by any means, but they've treated us pretty well
over the years. Before that we used Cisco Arrowpoints and prior to
that F5's. We just upgraded our Netscalers, so we're still happy
customers. ;)
Nicholas
On Fri, Nov 12, 2010 at 6:21 PM, Paul Graydon <[email protected]> wrote:
> Hi all,
>
> We're looking at going down a hardware route for load balancers, and
> looking for an HA solution.
>
> Does anyone have any recommendations or scare stories? I'm not so much
> interested in what great and wonderful things the spec sheet says it
> does compared to real world behaviour.
>
> Currently on the list for investigation are F5, Kemp Technologies,
> Citrix NetScalers, Foundry (Brocade now?). I've experience with the
> latter two, netscalers I was a bit "meh" about, they had a few show
> stopping bugs at the time but that could well have changed. Having an
> HA pair die one after the other because they didn't like a particular
> TCP header makes for a fun morning! The BigIron's I've dealt with all
> had a number of little quirks, whilst being thoroughly reliable.
>
> Paul
> _______________________________________________
> Tech mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
>