Re: NANOG 40 agenda posted

[Matt Peterson <matt () peterson org>]

> or is the problem simply that there isn't a port or pkg or rpm of  
> proxynet,
> and in spite of being 12 years old, nobody but me runs anything  
> like it?  (so,
> this boils down to, are folks only using proxies on outbound,  
> still, in 2007?)
> ((and did you think squid was your only inbound proxying option?))

As someone who has used both the appliance route (ie: Foundry  
ServerIron or F5 BigIP) and nix box (ie: pound or OpenBSD's  
hoststated), they each have their advantages/disadvantages as Joe  
kindly points out.  Cost comes down as a factor normally.. spend 10  
hours tweaking the perfect MythTV box or an hour @ Fry's to buy a  
Tivo - weigh your own time against your wallet.

I find that appliance route still has a number of major advantages  
for "serious" or enterprise use - SNMP agent (graph # of connections  
per VIP), failover (though CARP fixes this in the OpenBSD land),  
fancy healthchecks (developers aren't always clueful enough to code  
errors in the form of HTTP codes), security features (limit req/sec  
based on a cookie, CIDR or some other metric), etc.  Ironically in  
the 10gig range, the available products to do L7 traffic fudging are  
limited and quite costly - a lot of folks with lots of bits to push  
(I do video) tend to take the "Direct Server Return"/nPath/etc  
route.  Appliances tend to have support contracts and that allows the  
suits to sleep at night too.

--Matt