Re: High Speed Firewalls

[Bennett Todd <bet () rahul net>]

Correct me if I'm mis-reading you here, but as far as I can tell,
you didn't like an early release of Distributed Director, and so
condemned LocalDirector as well.

Perhaps you don't have any use for a simple local load balancer.
I've found them very useful. I'll happily use a pair of
LocalDirectors in H-A mode to scale a farm up to many, many times
the capacity of any single component member.

For many applications, I'll prefer to place the job of distributing
the traffic about the internet contractually in the hands of the
provider. If they are doing their job well, they'll be able to carry
the traffic out to their borders.

I've never tried out Distributed Director. If I wanted wide-area
load balancing, I'd try out various alternatives, but I wouldn't
approach the problem expecting any of the alternatives to work much
better than a round-robin DNS hack.

There's a very big difference here. LocalDirector has a job assigned
to it that can be done, and can be done well. It brings passive
performance tracking to the party, that's its big improvement over
its competition.

Distributed Director can't in principle do its job as well. Where
the LocalDirector's job is to direct traffic to the
currently-fastest server in a farm, from the point-of-view of the
choke point where the farm hits the net, the job you'd like a
Distributed Director to perform is assigning customers to the farm
nearest them --- but there's no way to do that without non-standard
and explicit assistence from the application.

-Bennett

Attachment: _bin
Description: