RE: External Load Balancing

["Wes Noonan" <mailinglists () wjnconsulting com>]

It's so rare to be home and able to reply for a change...

Just wanted to throw a log on this fire. F5 seems to be everywhere I go...

Wes Noonan
mailinglists () wjnconsulting com  
http://www.wjnconsulting.com  
Hardening Network Infrastructure - A concise how to guide
Available Now!!
Order at http://tinyurl.com/5852c

> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-
> admin () honor icsalabs com] On Behalf Of Peter Trembath
> Sent: Thursday, January 06, 2005 09:38
> To: Richard St John; firewall-wizards () honor icsalabs com
> Subject: RE: [fw-wiz] External Load Balancing
>
> Hey Richard,
>
> No direct experience but when I was with Concord Communications (Network,
> Systems and Apps Mgmt/Reporting Software) as an SE, I called on hundreds
> of
> the Fortune 1000 companies.  I'd venture to say 70% of them had at least
> one
> F5.
>
> So... a.) they are all sheep  or  b.) the box must have had something
> going
> for it.
>
> One drawback from the mgmt/reporting side.  F5 took a shortcut when it
> came
> to implementing SNMP.  It's basically still just a server, albeit a
> specialty one, right?  So rather than actually write a Mib for it they
> just
> used the old UC-Davis (now net-snmp) Mib.  http://net-
> snmp.sourceforge.net/
> This was a freeware mib that used to be distributed by the Univ. of Calf.
> at
> Davis.  It was actually a pretty good server Mib and covered a lot of
> platforms.  And F5 did extend the Mib with F5 specific variables..  So
> what's the problem?
>
> The problem is that F5 did not change the enterprise ID from (UC Davis
> Agent - 2021) to F5 (F5 - 3775) of the Mib on most of the versions of
> their
> software.  This give network management systems that use the enterprise ID
> as part of their auto-discovery a lot of heartburn.  They think the box is
> just a plain old server running the UCD agent when in reality it's an F5
> Big
> IP box and you miss all the "good" statistics.
>
> So my advice is to call F5 before you buy and make sure they a.) give you
> all the current Mibs for your particular box/code and b.) they use their
> OWN
> enterprise ID.  They have known about this problem for a long time and may
> have fixed it by now.
>
> Regards,
>
> - Peter (ex-Concord now un-employed) Trembath
>
> Peter Trembath
> 30524 Barlow
> Farmington Hills, Michigan 48334
> Home Phone:    248-851-3672
> Personal Cell: 248-760-6871
> Primary email: trembath.peter () sbcglobal net
> Secondary email: ptrembath () hotmail com
>
> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com
> [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Richard
> St John
> Sent: Thursday, January 06, 2005 9:21 AM
> To: firewall-wizards () honor icsalabs com
> Subject: [fw-wiz] External Load Balancing
>
>
> Good morning list,
>
> We are currently running in an outbound load balanced setup. A packet
> from inside has a one in four chance of hitting a specific firewall.
>
> We are beginning to look at load balancing the external side of our
> network so that a packet from the outside has a one in four chance of
> hitting a specific firewall.
>
> A quick search of the internet turned up:
>
> Resonate Central Dispatch
> Radware Web Server Director
> Alteon ACE director 2
> F5 Big/ip
> Coyote Point Equalizer E250
> Holon Tech Hyper Flow 2
> IBM WebSphere Perf. Pack
> Hydra Web Hydra
> Ipivot Intelligent Broker 4000
>
> Anyone have comments about these?
>
> Richard St. John
> Graybar Electric Company
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards