nanog mailing list archives

Re: DNS Based Load Balancers


From: Paul Vixie <vixie () vix com>
Date: 04 Jul 2006 02:11:24 +0000


Without getting into a massive back and forth, I just want to make 3
points:

as long as the back-and-forth remains informative and constructive, i'll play:

1) Websphere is proprietary to IBM and requires their servers.  It's not
scalable to other applications.  It's also not targeted to the same
market as, say, F5.

websphere is a trade name for a family of products and services.  the GSLB
component is able to play as a proxy to someone else's web server.  (don't
take my word for it, call an ibm salesweenie.)

2) There are definitely protocols that require GSLB that aren't HTTP.
Off the top of my head: RTSP/MMS, VoIP services.  I'd say that, at the
very least, VoIP protocols are the killer app for GSLB moreso than HTTP.
Surely the internet isn't only the web, right?

according to <http://www.isc.org/pubs/tn/isc-tn-2004-2.html>, the internet
is much larger than the web.  but i'm not sure what you're replying to.  i
said that session level redirection would be possible in all cases where
GSLB was needed.  voip has session level redirection (several kinds).

3) TCP-redirect solutions, such as the Radware one you pointed out, do
not work in large scales.  Have you ever met anyone who's actually
implemented that in a large scale?  The solution they point to they
don't even sell anymore (the WSD-DS/NP).  If you talk to their sales,
they'll point you at the DNS based solution because they know that doing
Triangulation is a joke.  Triangulation and NAT-based methods both
crumble under any sort of DoS and provide no site isolation.

i did not know radware has given up on wsd.  but i don't see an explanation
of what you mean by "not work in large scales" beyond "radware gave up".  i
gave another reference to third-party TCP, have you looked at it or surveyed
the rest of the field to find out how asymmetric IP (satellite downlink,
terrestrial uplink) and third-party TCP is working for the various pacific
islands who depend on it?

Pete Tenereillo's papers are interesting, but they're also slanted and
ignore other implementation methods of DNS GSLB.  How about handing out
NS records instead of A records?  That's a method that would make
large parts of his papers irrelevant.

just as one can always find an example that supports one's preconceptions,
one can always find a single counterexample that will support one's
prejudices.  i'm sure that any technology can be successfully demo'd or
successfully counter-demo'd.  this conversation started out as "what DNS
GSLB should i use?" and then "if DNS GSLB is such a bad idea then what do
you propose as an alternative?" and now it's "every alternative has known
failure modes that are as bad as DNS GSLB's worst case."  does that mean
we're done with the informative and constructive part of this thread?

My main point here is that each solution has its evils, and when faced
with a choice, he needs to evaluate what method works best for him.
Anyone could just as easily say that Triangulation and NAT are a hack
just the same as GSLB DNS is a hack.   Akamai and UltraDNS will actually
sell you GSLB without even buying localized hardware to do it - are
these bad services, too?  Patrick said it best: Just in case we like to
decide things for ourselves.

nobody ever got fired for buying akamai's or ultradns's DNS GSLB services,
that's for sure.
-- 
Paul Vixie

