While you're talking about software load balancing. How about HA-Proxy with stunnel with xforward-for patch. Anyone had any experience with these? Jean-Francois Pirus wrote:

...

I am looking to provide a load balancing solution to a client for an online ordering system which will use SSL.

I am interested in different solutions being deployed out there and any experiences with the following:

- Squid reverse proxy - Cisco Content Services (CSS) Switch 11500 series - Radware AppDirector 1000 - CoyotePoint e250GX - Any others?

In the pure load balancer: BalanceNG http://www.inlab.de/balanceng/index.html

In the Squid type (ie: http accelerator / load balancer) Varnish http://varnish-cache.org/ Pound http://www.apsis.ch/pound/index_html

PS: I haven't used any of them I just researched them in the past.

Foundry/Brocade ServerIron / ADX products (Hardware SSL Acceleration options also available). Nathan On Fri, Mar 12, 2010 at 2:31 PM, Jean-Francois Pirus wrote:

...

I am looking to provide a load balancing solution to a client for an online ordering system which will use SSL.

I am interested in different solutions being deployed out there and any experiences with the following:

-          Squid reverse proxy -          Cisco Content Services (CSS) Switch 11500 series -          Radware AppDirector 1000 -          CoyotePoint e250GX -          Any others?

In the pure load balancer: BalanceNG http://www.inlab.de/balanceng/index.html

In the Squid type (ie: http accelerator / load balancer) Varnish http://varnish-cache.org/ Pound http://www.apsis.ch/pound/index_html

PS: I haven't used any of them I just researched them in the past.

-- ------------------------------------------------------------------------ Jean-Francois Pirus               Technical Manager Phone (+64-9)  358 2081                          Clearfield Software Ltd Fax   (+64-9)  358 2083                    1st Floor 8-10 Whitaker Place Mob   (+64-21) 640 779                P O Box 3901 Auckland, New Zealand ------------------------------------------------------------------------

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

On Mar 12, 2010, at 9:24 AM, McDonald Richards wrote:

Cisco CSS11k – stay away! 10 years ago it was a piece of crap and I’m sure it still is today.

It's EoS/EoL, anyways. The current Cisco load-balancer is called the ACE. It isn't optimized for Internet environments, and I've worked with several operators who had bad experiences with it in Internet-facing environments. F5 and some other company whose name I can't currently remember are generally considered the leaders in this space. Squid is a very useful reverse-proxy cache, and one should always position reverse-proxy caches in front of one's Web servers, but it's not really renowned as a load-balancer, per se. Here's an open-source load-balancing system lots of folks use: http://www.backhand.org/ ----------------------------------------------------------------------- Roland Dobbins // http://www.arbornetworks.com Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken

On Mar 12, 2010, at 9:56 AM, Nathan Ward wrote:

Do Foundry no longer exist in this space? They're called Brocade now, but when I used to do this sort of thing lots they were the guys to beat.

Yes, Foundry, you're right - the other one is called Netstream, I think?

Also let's not CC AusNOG or other lists with this sort of thing. When their mail server starts working there's going to be either a whole bunch of bounces, or a weird disjointed conversation over there, or more likely both. Keep it to one list yeah?

I didn't realize there was a problem w/AusNOG. The original conversation was crossposted (generally a bad idea, I agree),a and so I thought I was doing the Right Thing by resuming it, apologies. ;> ----------------------------------------------------------------------- Roland Dobbins // http://www.arbornetworks.com Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken

Thanks for all the information... lot of useful stuff there. ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists skeeve(a)eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there?

-----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog- bounces(a)list.waikato.ac.nz] On Behalf Of Barry Murphy (iphone) Sent: Saturday, 13 March 2010 11:30 AM To: McDonald Richards Cc: nznog Subject: Re: [nznog] Web Load Balancers

I've worked and still do work with foundrys and f5's both work well. Another to look at is vyatta virtual router that has load balancer capabilities

Thanks Barry Murphy

On 12/03/2010, at 3:24 PM, "McDonald Richards" wrote:

...

I was going to wait for the AusNOG post to reply to but it seems the mail server is having issues so...

Cisco CSS11k – stay away! 10 years ago it was a piece of crap and I’m sure it still is today.

Also look into F5 and Foundry Server Irons...

Macca

From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Skeeve Stevens Sent: Friday, 12 March 2010 12:15 PM To: ausnog(a)ausnog.net Cc: nznog Subject: [nznog] Web Load Balancers

Hey guys,

I am looking to provide a load balancing solution to a client for an online ordering system which will use SSL.

I am interested in different solutions being deployed out there and any experiences with the following:

- Squid reverse proxy - Cisco Content Services (CSS) Switch 11500 series - Radware AppDirector 1000 - CoyotePoint e250GX - Any others?

...Skeeve

-- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists skeeve(a)eintellego.net / www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeeve ; facebook.com/eintellego -- NOC, NOC, who's there?

Disclaimer: Limits of Liability and Disclaimer: This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. eintellego Pty Ltd and each legal entity in the Tefilah Pty Ltd group of companies reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Any reference to costs, fee quotations, contractual transactions and variations to contract terms is subject to separate confirmation in writing signed by an authorised representative of eintellego. Whilst all efforts are made to safeguard inbound and outbound e-mails, we cannot guarantee that attachments are virus-free or compatible with your systems and do not accept any liability in respect of viruses or computer problems experienced.

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

-- This message was scanned by ESVA and is believed to be clean. Click here to report this message as spam. http://spam.unix.co.nz/cgi-bin/learn-msg.cgi?id=46B8B4F6F9C.CDBD3

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Hi, The Brocade (Foundry Server Irons) handles this very smoothly with its dynamic NAT feature. The dynamic NAT applies a NAT whenever needed, to avoid any traffic issues across the same subnet. Cheers, Clement Ashwal Sr Network Analyst - Data Network Services - ITS The University of Auckland + 6493737599 x 87993 DDI: +64-9-9237993 ________________________________ From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Leon Strong Sent: Sunday, 14 March 2010 6:30 p.m. To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Web Load Balancers the only real pitfall as far as LVS goes, is that it has NO SNAT support, so if for some reason you need machines on a local subnet to talk to a pool that's load balanced across the same subnet, it's impossible without alot of jiggery pokery (technical term) with iptables. Apparently, that's coming though.. \o/ On 12/03/10 17:28, Jay Daley wrote: Wot Richard Hector said - Linux Virtual Server (http://www.linuxvirtualserver.org/). In a previous role I had two thorough sysadmins test everything they could get their hands on including Cisco ACE (in a 6500 chassis), F5 boxes, Squid reverse proxy and LVS. LVS won hands down in performance, ease of use and price. It now handles high volume load balancing (tens of millions of hits per day) on simple 1u servers that barely register the load. I cannot stress enough that LVS was the better choice by a very long way. I would strongly recommend that you start with that and only look elsewhere if it is insufficient for your needs. best Jay On 12/03/2010, at 2:15 PM, Skeeve Stevens wrote: Hey guys, I am looking to provide a load balancing solution to a client for an online ordering system which will use SSL. I am interested in different solutions being deployed out there and any experiences with the following: - Squid reverse proxy - Cisco Content Services (CSS) Switch 11500 series - Radware AppDirector 1000 - CoyotePoint e250GX - Any others? ...Skeeve -- Skeeve Stevens, CEO/Technical Director eintellego Pty Ltd - The Networking Specialists skeeve(a)eintellego.netmailto:skeeve(a)eintellego.net / www.eintellego.nethttp://www.eintellego.net Phone: 1300 753 383, Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 / skype://skeeve www.linkedin.com/in/skeevehttp://www.linkedin.com/in/skeeve ; facebook.com/eintellegohttp://facebook.com/eintellego -- NOC, NOC, who's there? Disclaimer: Limits of Liability and Disclaimer: This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. eintellego Pty Ltd and each legal entity in the Tefilah Pty Ltd group of companies reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Any reference to costs, fee quotations, contractual transactions and variations to contract terms is subject to separate confirmation in writing signed by an authorised representative of eintellego. Whilst all efforts are made to safeguard inbound and outbound e-mails, we cannot guarantee that attachments are virus-free or compatible with your systems and do not accept any liability in respect of viruses or computer problems experienced. _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nzmailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog -- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840 _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nzmailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog -- Leon Strong | Technical Engineer DDI: +64 9 950 2203 Fax: +64 9 302 0518 Mobile: +64 21 0202 8870 Freephone: 0800 SMX SMX (769 769) Level 15, 19 Victoria Street, Auckland, New Zealand | SMX Ltd | smx.co.nzhttp://smx.co.nz [http://www.smx.co.nz/images/smxsig.gif] The information contained in this email and any attachments is confidential. If you are not the intended recipient then you must not use, disseminate, distribute or copy any information contained in this email or any attachments. If you have received this email in error or you are not the originally intended recipient please contact SMX immediately and destroy this email. This email has been scrubbed for your protection by SMX. For more information visit smx.co.nzhttp://smx.co.nz/scrubbed

Yes indeed. In a recent twist though, Radware have bought Alteon and seem to be breathing life into it again: http://www.radwarealteon.com/ . David On 15/03/2010 11:11 a.m., Tony Wicks wrote:

Many Years ago Alteon used to own the space with F5 until Nortel bought them and pretty much killed them. Foundry benefited greatly from Nortel’s purchase of Alteon.

*From:* nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] *On Behalf Of *Clement Ashwal *Sent:* Monday, 15 March 2010 9:44 a.m. *To:* 'Leon Strong'; nznog(a)list.waikato.ac.nz *Subject:* Re: [nznog] Web Load Balancers

Hi,

The Brocade (Foundry Server Irons) handles this very smoothly with its dynamic NAT feature. The dynamic NAT applies a NAT whenever needed, to avoid any traffic issues across the same subnet.

Cheers,

Clement Ashwal Sr Network Analyst - Data Network Services - ITS The University of Auckland + 6493737599 x 87993

DDI: +64-9-9237993

tection by SMX. For more information visit smx.co.nz http://smx.co.nz/scrubbed

The information contained in this e-mail is confidential and may be legally privileged. If you have received it in error, you may not read, use, copy or disclose this email. If you are not the intended recipient, please let us know by reply e-mail immediately and then delete this email from your system. We shall not be responsible for any changes to, or interception of, this email or any attachment after it leaves our information systems. We accept no responsibility for viruses or defects in this email or any attachments.

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.790 / Virus Database: 271.1.1/2747 - Release Date: 03/15/10 08:33:00