Re: Experience with Open Source load balancers?

[Hammer <bhmccie () gmail com>]

Mattew,
      We run high volume SSL but not nearly the 12Gbps you are talking about
so that hasn't been an issue for us. Thanks for the information. Looks like
the Citrix ANG rep owes me another lunch to explain himself. :)

I'm gonna do some research on NGINX...


 -Hammer-

"I was a normal American nerd."
-Jack Herer





On Wed, May 18, 2011 at 2:23 PM, Andreas Echavez <andreas () livejournalinc com
> wrote:

> We're using both an F5 BigIP as well as Nginx (open source software) in a
> production environment.
>
> They both have their merits, but when we recently came under some advanced
> DDoSes (slowloris, slow POST, and more), we couldn't process certain types
> of layer 7 insepction/modification because it was too heavy for the F5 to
> handle. Nginx was more cost effective because we could scale laterally with
> cheap commodity hardware.
>
> This isn't a knock on the BigIP though; it's a much better piece of
> equipment, has commercial support, and a fantastic web interface. With
> Nginx
> you might find yourself compiling modules in by hand and writing config
> files.
>
> Ultimately, the open source solution is going to stand the test of time
> better. It all depends on who's paying the bills, and what your time is
> worth. Nginx was specifically worth the effort for us because we had unique
> traffic demands that change too quickly for a commercial solution.
>
> Thanks,
> Andreas
>
>
> On Mon, May 16, 2011 at 4:15 PM, Welch, Bryan <Bryan.Welch () arrisi com
> > wrote:
>
> > Greetings all.
> >
> > I've been tasked with comparing the use of open source load balancing
> > software against commercially available off the shelf hardware such as
> F5,
> > which is what we currently use.  We use the load balancers for
> traditional
> > load balancing, full proxy for http/ssl traffic, ssl termination and
> > certificate management, ssl and http header manipulation, nat, high
> > availability of the physical hardware and stateful failover of the tcp
> > sessions.  These units will be placed at the customer prem supporting our
> > applications and services and we'll need to support them accordingly.
> >
> > Now my "knee jerk" reaction to this is that it's a really bad idea.  It
> is
> > the heart and soul of our data center network after all.  However, once I
> > started to think about it I realized that I hadn't had any real
> experience
> > with this solution beyond tinkering with it at home and reading about it
> in
> > years past.
> >
> > Can anyone offer any operational insight and real world experiences with
> > these solutions?
> >
> > TIA, replies off list are welcomed.
> >
> >
> > Regards,
> >
> > Bryan