nanog mailing list archives
Re: Experience with Open Source load balancers?
From: Mark Andrews <marka () isc org>
Date: Wed, 18 May 2011 09:23:20 +1000
In message <BANLkTimxkNx5=__jXD9056FAO19V1zoKqg () mail gmail com>, Michael Loftis writes:
On Mon, May 16, 2011 at 5:15 PM, Welch, Bryan <Bryan.Welch () arrisi com> wrot= e:Greetings all. I've been tasked with comparing the use of open source load balancing sof=tware against commercially available off the shelf hardware such as F5, whi= ch is what we currently use. =A0We use the load balancers for traditional l= oad balancing, full proxy for http/ssl traffic, ssl termination and certifi= cate management, ssl and http header manipulation, nat, high availability o= f the physical hardware and stateful failover of the tcp sessions. =A0These= units will be placed at the customer prem supporting our applications and = services and we'll need to support them accordingly.Now my "knee jerk" reaction to this is that it's a really bad idea. =A0It=is the heart and soul of our data center network after all. =A0However, on= ce I started to think about it I realized that I hadn't had any real experi= ence with this solution beyond tinkering with it at home and reading about = it in years past.Can anyone offer any operational insight and real world experiences with =these solutions? Honestly I think to get *all* those features you're much better off with commercial solutions like the ones you're already using from F5, or something from Cisco, Coyote Point, Brocade, or others. You can absolutely put together a solution based on any number of open source products, but you won't get the single integrated front end for management and configuration that any of the commercial options will provide, you may be missing features, and ultimately, you're on the hook for making it work. In particular the stateful failover has been problematic in open source solutions in my experience. They've come a VERY long way, but it is a hard problem to tackle. I've worked with open source and commercial solutions, and while the open source systems were almost always far more flexible, and cheaper up front, they certainly required more work to get going.. Once setup and running though both types of solutions had pretty equal amounts of maintenance, with the commercial solutions requiring somewhat less time/babysitting for upgrades and to enable or use new features or functionality.
Just make sure the DNS components return valid responses to AAAA queries as well as valid responses to A queries. Many load balancers get this wrong. They return NXDOMAIN instead of NOERROR, they drop AAAA queries, they don't return CNAMEs when the A response returns a CNAME, they return the wrong SOA record (doesn't match the zone delegated to the box). Better still would be for them to return AAAA records but until one is ready to do that the negative responses need to be correct. If they are returning AAAA queries check NS, SOA, TXT and MX responses for similar errors. AAAA is just more visible as browsers make AAAA queries and the others are done in the background. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Experience with Open Source load balancers? Welch, Bryan (May 16)
- Re: Experience with Open Source load balancers? William Cooper (May 16)
- Re: Experience with Open Source load balancers? Fabio Mendes (May 16)
- Re: Experience with Open Source load balancers? Jimmy Hess (May 16)
- Message not available
- RE: Experience with Open Source load balancers? Welch, Bryan (May 16)
- Re: Experience with Open Source load balancers? William Cooper (May 16)
- Re: Experience with Open Source load balancers? Michael Loftis (May 17)
- Re: Experience with Open Source load balancers? Tom Hill (May 17)
- Re: Experience with Open Source load balancers? Paul Graydon (May 17)
- Re: Experience with Open Source load balancers? Mark Andrews (May 17)
- Re: Experience with Open Source load balancers? Jimmy Hess (May 17)
- Re: Experience with Open Source load balancers? Tom Hill (May 17)
- Re: Experience with Open Source load balancers? Jeff Neuffer Jr (May 17)
- Re: Experience with Open Source load balancers? LaDerrick H. (May 17)
- Re: Experience with Open Source load balancers? Brent Jones (May 17)
- Re: Experience with Open Source load balancers? matthew zeier (May 17)
- Re: Experience with Open Source load balancers? Hammer (May 18)
- Re: Experience with Open Source load balancers? matthew zeier (May 18)
- Re: Experience with Open Source load balancers? Brent Jones (May 17)
- Re: Experience with Open Source load balancers? Hammer (May 19)
- <Possible follow-ups>
- Re: Experience with Open Source load balancers? jkrejci (May 17)