Firewall Wizards mailing list archives
BigIP/LD/Alteon
From: Nicholas Tang <ntang () nachtwache org>
Date: Fri, 3 Mar 2000 22:45:29 -0500 (EST)
We're evaluating the Alteon switch solution vs. the BigIP solution where I work so this is an especially interesting discussion for me. Basically, the general consensus seems to be that the Alteon does everything the BigIP or Cisco LocalDirector does but faster and cheaper. The reason we're favoring the BigIP so strongly is because of their high-availability features - while yes, the high-end unit costs $50,000 a pop, it ALSO has several HA features the Alteon switches (if I'm correct) don't. I'll quote from the BigIP FAQ on F5's site: BIG/ips EAV (Extended Application Verification) is a more sophisticated version of ECV, and basically lets you script you own tests, so you can perform multiple layers of testing to arrive at the answer: yes its working properly, or no, its not working properly. A good example of this functionality pertains to an E-commerce site. BIG/ip can emulate what a customer is doing, connect to the site, select an item out of the catalog, place it into a shopping cart, run a credit card number to emulate the purchase, and makes sure that the credit card transaction is properly working. Basically, it allows you to step through everything that a customer would normally do. At the end of this process, we know that everything is up and running, and its ok to send traffic there. But if theres a problem in any of those links in the chain, BIG/ip will know not to send traffic there. BIG/ip will continue to test it, and only when it starts working properly will BIG/ip send traffic back to it. Here's Alteon's statement about their HA features: The CACHEdirector constantly monitors cache, application and content availability, bypassing unhealthy caches when it distributes new sessions and automatically re-enrolling them upon service restoration. Intelligent application health checking ensures integrity of the entire data path, including content retrieval, for services including HTTP, NNTP, FTP and DNS. Now, admittedly neither is extremely detailed and both were written by marketing types, but it seems to me that the BigIP is a clear win there - while it's great being able to have your switch make sure your web server is responding, we're running a rapidly growing e-commerce site - and if the application server on the web server goes down, it can still serve the front page and the error page - but the store itself goes all to hell. The ability to script a real query and have it hit a fully dynamic, database-driven shopping cart page is very important to us. Is there _anything_ else that can do that? What we're actually considering doing is having a setup like this: [multiple lines to the internet] | | | [set of alteon switches] | | | ----------------------+------------------- | | | [set of bigip's] [set of bigip's] [set of bigip's] | | | | | | | | | | | | | | | | | | [pool of webservers] [pool of webservers] [pool of webservers] Now, obviously that is a ridiculously expensive solution, but it seems to be the only one where we can get maximum speed AND a good HA solution. We'd start off most likely with a pair of alteons pointed at a pair of bigip's and then add on more sets of bigips (and if need be more alteons) as the site continues (hopefully :) ) to grow. Right now we haven't found a single box that presents a magic solution - has anyone found a better one? Does anyone know if the Alteon can indeed execute similarly scripted checks and dynamically reconfigure the load balancing based on the results as the BigIP claims it can? For that matter, does anyone know if the BigIP really can do everything it says? Nicholas
Current thread:
- BigIP/LD/Alteon Nicholas Tang (Mar 05)
- <Possible follow-ups>
- RE: BigIP/LD/Alteon Woeltje, Donald (Mar 06)