draven
Premium,Mod
join:2002-02-20
my bunker | Hardware load balancer recommendations
My organization wants to pursue hardware load balancing for at least port 80. I'm fairly naive to this subject. Does anybody have any recommendations on reliable (and economical) solutions? |
|
techjoe
Premium
join:2004-02-20
Worth, IL
 ·Sprint Mobile Broa..
| »www.coyotepoint.com/
We're looking at their unit, however good luck getting a demo. 
--
Baka wa shinanakya naoranai |
|
Drex
Beer..It's What's For Dinner
Premium
join:2000-02-24
La Place, LA
 ·AT&T Southeast
| reply to draven
I actually have some experience with a Cisco CSS 11506, but those are EOL. It worked well for what we were doing and with the SSL module we even did SSL to the switch.
Only other name I've heard is "Big IP" which can be found here:
»www.f5.com/products/big-ip/
--
I gave up drinking and eating bad food. And in 14 days, I had lost 2 weeks. |
|
draven
Premium,Mod
join:2002-02-20
my bunker | reply to techjoe
Did anybody try Barracuda Networks' device demo? How was that? |
|
yaplej
CCNA
Premium
join:2001-02-10
White City, OR
 ·Charter Pipeline
·Clearwire Wireless
| reply to Drex
My last employer had a pair of F5 Big IP devices. They were pretty neat product. I got to configure the devices to do MySQL, http/https load balancing. They worked very well.
I really liked the custom monitors you could write. It could check a specific port, and expect a specific response. |
|
joncellini
join:2001-04-19
Beaverton, OR | reply to draven
I've had good luck with F5's Big-IP line. |
|
elnino
join:2006-08-27
Akron, OH | reply to draven
My company uses BigIP also and they work well too |
|
Drex
Beer..It's What's For Dinner
Premium
join:2000-02-24
La Place, LA
·AT&T Southeast
| reply to draven
Well I guess the issue here may be the "economical" part. I'm assuming that means not expensive. I guess everyone's definition of expensive is different. For the Cisco 11506 we purchased, including SSL module w/ 16 port Ethernet switch module, it ran $50K. That was over 6 years ago too. I'm not too sure how much a similar model would run today.
--
I gave up drinking and eating bad food. And in 14 days, I had lost 2 weeks. |
|
Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
Bay Area
·DSL EXTREME
| reply to draven
We're using a Citrix Netscaler right now: »www.citrix.com/English/ps2/produ···ID=21681
Can't say anything good about ours because the crumble to a halt under load. After repeated attempts to work it out with their support we're no closer to a solution unfortunately.
--
"If it ain't broke don't fix it." |
|
Wily_One
Premium
join:2002-11-24
San Jose, CA | reply to draven
I am somewhat biased, but I'd say avoid F5 BIG-IP. Their customer service leaves a lot to be desired. Their upgrade process also requires an outage and is reminiscent of DOS 3.1. |
|
yaplej
CCNA
Premium
join:2001-02-10
White City, OR
·Charter Pipeline
·Clearwire Wireless
| Was this recently? When we were getting things up and running support from F5 was top notch. I always got an english speaking engineer to help, and upgrades could be rolled in if you had two devices.
Its been over two years so things could have gone downhill from when I used them. |
|
Wily_One
Premium
join:2002-11-24
San Jose, CA | Yes this was very recently. |
|
ke4pym
join:2004-07-24
Charlotte, NC
·RoadRunner Cable
·Verizon BroadbandA..
 ·Packet8
·Vonage
| reply to draven
Heh, interesting to hear the Netscaler crumbles under load. We're using a Netscaler based Teros box and it craps the bed quite frequently. The Netscaler is a neat idea (everything crammed into one box). But it just has problems. I wish I would have kept them on the Teros firmware instead of switching it to the Netscaler firmware for Application Firewall features.
I've had a long history with the Cisco 11052's and 11500 series. They are a real pain in the butt to setup and to setup 2 boxes with VRRP you've got to eat a pair of subnets. However, if you get them running correctly, they'll run for dang near ever (I'm migrating off a set of them in 2 weeks - one of which has run non-stop for 7 years now). The 11500's are coming out in June and I'll be done with the things.
Another thing I hate about the 11500's - you have to log in no less than FOUR times if you want to use the web console. It has annoyed me to no end and I've really brushed up on my command line skills for those things in the past year.
F5 - too expensive for what you get.
If you want a software based firewall (IE runs on a host) check out Zeus. I've heard some folks using it with great success and running pretty high throughput (nearing 2Gbps) on minimal hardware.
Personally, I prefer Radware Application Directors. Easy to set up. Good price for the performance. Decent support. I've got some old AS1's still floating around (which are being migrated to the new hotness - the 4016's). Radware is a 180 from Citrix.
Need a load balancer? Fine. Buy one. Need SSL/Application Accel? Buy that. Very modular design. However, I don't much like their Application Firewall. |
|
drew
Vorbei
Premium
join:2002-07-10
Port Orchard, WA
clubs:
·wavebroadband
| reply to draven
What kind of WAN connections do you have?
We have a Cisco 2811 with two ADSL WICs in it. It works great, would work even better if my ISP had more than one route out of their CO.
My company used to use some Symantec dual WAN boxes. They claimed it worked really well until it crapped out. |
|
Drex
Beer..It's What's For Dinner
Premium
join:2000-02-24
La Place, LA
·AT&T Southeast
| reply to ke4pym
said by ke4pym  :I've had a long history with the Cisco 11052's and 11500 series. They are a real pain in the butt to setup and to setup 2 boxes with VRRP you've got to eat a pair of subnets. However, if you get them running correctly, they'll run for dang near ever (I'm migrating off a set of them in 2 weeks - one of which has run non-stop for 7 years now). The 11500's are coming out in June and I'll be done with the things. Another thing I hate about the 11500's - you have to log in no less than FOUR times if you want to use the web console. It has annoyed me to no end and I've really brushed up on my command line skills for those things in the past year. I never did anything through the GUI. I always used the CLI. I guess I just preferred it that way. We were doing load balancing to a handful of servers thru SSL. Our problem came up when we tried to implement CRL checking. We found out that there was a 2MB limit on the size of the CRL. Too bad our CRL was 100MB+. Don't ask.
--
I gave up drinking and eating bad food. And in 14 days, I had lost 2 weeks. |
|
ke4pym
join:2004-07-24
Charlotte, NC
·RoadRunner Cable
·Verizon BroadbandA..
·Packet8
·Vonage
| Drex-->The GUI on the 11052's was usable. Nothing fancy but if you needed to get something done fast without looking up the syntax (I'm not in the things every day, so I forget) it was usable.
While I'm not bothered by CLI, I get tired of it sometimes and just wanna click my way to load balancing bliss.
The 1150x's admin console was good until about 8.xish. Don't remember which version they split the box code up with the admin code. That's when they made logging into the GUI a royal pain and made it faster in every case to do CLI.
FWIW, I put my first of many victims er, I mean systems onto the new Radware 4016 boxes today. Went smooth as buttah (wish they'd all go like this). 2 old Radwares down. 4 more Ciscos and 2 more Radwares to go and the 4016's will be hummin'! |
|
vic102482
Premium
join:2002-04-30
Upper Marlboro, MD | reply to draven
What are they loadbalancing? Most times NLB (which is in every Win200X server) works pretty damn good.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! |
|
sporkme
drop the crantini and move it, sister
Premium,MVM
join:2000-07-01
Budd Lake, NJ
| reply to draven
It was a long, long time ago and the players have changed, but at the time Foundry had some interesting and affordable stuff. Even then it did "layer 7" checks and the like. I'm guessing it's more advanced now... Have you talked to them at all? Aside from RAD, they were the cheapest. |
|
