Firewall Wizards mailing list archives
RE: External Load Balancing
From: "Wes Noonan" <mailinglists () wjnconsulting com>
Date: Thu, 6 Jan 2005 11:55:09 -0600
It's so rare to be home and able to reply for a change... Just wanted to throw a log on this fire. F5 seems to be everywhere I go... Wes Noonan mailinglists () wjnconsulting com http://www.wjnconsulting.com Hardening Network Infrastructure - A concise how to guide Available Now!! Order at http://tinyurl.com/5852c
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards- admin () honor icsalabs com] On Behalf Of Peter Trembath Sent: Thursday, January 06, 2005 09:38 To: Richard St John; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] External Load Balancing Hey Richard, No direct experience but when I was with Concord Communications (Network, Systems and Apps Mgmt/Reporting Software) as an SE, I called on hundreds of the Fortune 1000 companies. I'd venture to say 70% of them had at least one F5. So... a.) they are all sheep or b.) the box must have had something going for it. One drawback from the mgmt/reporting side. F5 took a shortcut when it came to implementing SNMP. It's basically still just a server, albeit a specialty one, right? So rather than actually write a Mib for it they just used the old UC-Davis (now net-snmp) Mib. http://net- snmp.sourceforge.net/ This was a freeware mib that used to be distributed by the Univ. of Calf. at Davis. It was actually a pretty good server Mib and covered a lot of platforms. And F5 did extend the Mib with F5 specific variables.. So what's the problem? The problem is that F5 did not change the enterprise ID from (UC Davis Agent - 2021) to F5 (F5 - 3775) of the Mib on most of the versions of their software. This give network management systems that use the enterprise ID as part of their auto-discovery a lot of heartburn. They think the box is just a plain old server running the UCD agent when in reality it's an F5 Big IP box and you miss all the "good" statistics. So my advice is to call F5 before you buy and make sure they a.) give you all the current Mibs for your particular box/code and b.) they use their OWN enterprise ID. They have known about this problem for a long time and may have fixed it by now. Regards, - Peter (ex-Concord now un-employed) Trembath Peter Trembath 30524 Barlow Farmington Hills, Michigan 48334 Home Phone: 248-851-3672 Personal Cell: 248-760-6871 Primary email: trembath.peter () sbcglobal net Secondary email: ptrembath () hotmail com -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Richard St John Sent: Thursday, January 06, 2005 9:21 AM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] External Load Balancing Good morning list, We are currently running in an outbound load balanced setup. A packet from inside has a one in four chance of hitting a specific firewall. We are beginning to look at load balancing the external side of our network so that a packet from the outside has a one in four chance of hitting a specific firewall. A quick search of the internet turned up: Resonate Central Dispatch Radware Web Server Director Alteon ACE director 2 F5 Big/ip Coyote Point Equalizer E250 Holon Tech Hyper Flow 2 IBM WebSphere Perf. Pack Hydra Web Hydra Ipivot Intelligent Broker 4000 Anyone have comments about these? Richard St. John Graybar Electric Company _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- External Load Balancing Richard St John (Jan 06)
- RE: External Load Balancing Peter Trembath (Jan 06)
- RE: External Load Balancing Wes Noonan (Jan 07)
- Re: External Load Balancing Dave Breiland (Jan 07)
- Re: External Load Balancing Leonardo Valcamonici (Jan 06)
- Re: External Load Balancing Kevin (Jan 09)
- Re: External Load Balancing Marcus J. Ranum (Jan 09)
- Re: External Load Balancing Mark Teicher (Jan 11)
- Firewall "appliances" (was Re: External Load Balancing) Kevin (Jan 14)
- Re: External Load Balancing Paul D. Robertson (Jan 14)
- Re: External Load Balancing Kevin (Jan 09)
- RE: External Load Balancing Peter Trembath (Jan 06)