Yup, you caught The Oracle monologuing! It was a good monologue nonetheless, even though I’ll have a tough time keeping a straight face next time Marketing asks me what we’re doing about “The Cloud”.
-=BK
You can put the ACE WAF in front of the servers, behind the load balancer. The traffic flow will look like this:
Client -> ACE -> ACEWAF -> ACE -> servers
The ACE LB will load balance to one or more WAFs, which will send its traffic back to a VIP on the ACE, which will go to the servers.
So what you’re saying is that if Ellison has you trapped and is about ready to dispatch you, you should say something like “You may fell me, but The Cloud will continue!” and he’ll go on and on, buying you enough time to plan and execute your escape.
“I’ll get you next time, Bill Kish!”
Not sure if it’s used as much, but direct server return (local triangulation – Radware, direct routing – Linux VS) can work in that situation; you just need to put loopbacks on all the servers with the IP of the VIP. In this mode, only the L2 header is rewritten, so the return packet doesn’t need to go through the LB to come back. The disadvantage is that the LB only gets to peek into the SYN packet before it has to decide which server gets the connection, so no L7 intelligence!
Sean
Good article, although this setup adds an important single point of failure. Most people add an additional load-balancer for redundancy with a “floating” VIP.
“Everything is a web application. Nothing is static anymore. That’s part of the reason load balancers are being called “Application Delivery Controllers”.”
This is probably the most succinct and accurate description of the reason behind the change in terminology I’ve ever read.
Bravo, Tony. Great post!
Lori
HA. I’m surprised that a ’system administrator’ even knew what a default gateway was. But even worse is SAs that don’t understand CIDR…
Great compilation, Tony. Very useful. Thanks!
Additional, recent discussion here:
https://lists.dns-oarc.net/pipermail/dns-operations/2009-November/004607.html
The question is, of those 20+ vendors/projects, WHO does DNS redirection (for subdomains) and supports DNSSEC? And IPv6? Anyone?
Hehe, VG-ops are famous for their creative (mis-)use of headers
Where in Oslo are you and for how long?
We run approximately 25M-30M peak commit, serving around 350K concurrent connections. Since a recent spike in traffic of about 20%, the Load Balancer 340 platform 1 systems have begun failing. To upgrade to platform 2, which handles the traffic advertised (cuda makes a claim of “unlimited concurrent connections”), for 2 of the 4 replacements we had to pay $500.00 per system, and to add insult to injury, the primary production replacement system sent out had a bad NIC, which continually flapped or went down completely, with no response from the console. This problem took 3 business days (and a weekend) of troubleshooting to replace. Without a clustered configuration, this would have been business lost to downtime. Overall, combined with a history of other firmware related outages, the cuda 340s have been a horrible product for us. Would not use again or recommend to anyone.
If he received royalties for ‘Rick-rolling’ he could retire again.
On a more serious note, are there any load-balancers that can strip http headers out of inbound/outbound packets? For example, it would be nice if I could take a list of expected headers and remove all others.
I am pretty confident that if you look at the Gartner MQ for this space, anything on the right hand side is capable of this.
Visit our site, and download an evaluation of the product to experience our implementation of this functionality…
http://www.zeus.com/downloads/traffic-manager.html
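The header-stripping behaviour asked about above (keep a list of expected headers, drop everything else) is easy to sketch. The following is an added example written for this thread, not code from Zeus or any other product mentioned here; the allowlists, the request and the response are constructed for the demo, and header names are compared case-insensitively as HTTP requires.

```python
"""Allowlist-based HTTP header filtering, the way a front-end proxy might do it.

Added example for the discussion above; not vendor code. The allowlists
below are assumptions for the demo, not any product's defaults.
"""
from __future__ import annotations

# Request headers an origin server normally needs (assumed allowlist).
INBOUND_ALLOWED = frozenset(
    h.lower() for h in ("Host", "User-Agent", "Accept", "Accept-Encoding",
                        "Content-Type", "Content-Length", "Cookie", "Authorization")
)
# Response headers a client normally needs (assumed allowlist). Leaking
# headers such as Server or X-Powered-By are dropped because they are absent.
OUTBOUND_ALLOWED = frozenset(
    h.lower() for h in ("Content-Type", "Content-Length", "Cache-Control",
                        "Set-Cookie", "Location", "Date")
)


def parse_message(raw: bytes) -> tuple[bytes, list[tuple[str, str]], bytes]:
    """Split an HTTP/1.1 message into start line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers: list[tuple[str, str]] = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def filter_headers(headers, allowed):
    """Return (kept, dropped) using case-insensitive name matching."""
    kept, dropped = [], []
    for name, value in headers:
        (kept if name.lower() in allowed else dropped).append((name, value))
    return kept, dropped


def rebuild(start_line: bytes, headers, body: bytes) -> bytes:
    out = start_line + b"\r\n"
    for name, value in headers:
        out += f"{name}: {value}".encode("latin-1") + b"\r\n"
    return out + b"\r\n" + body


def scrub(raw: bytes, allowed) -> tuple[bytes, list[str]]:
    """Rewrite a message keeping only allowlisted headers; also report what was removed."""
    start, headers, body = parse_message(raw)
    kept, dropped = filter_headers(headers, allowed)
    return rebuild(start, kept, body), [name for name, _ in dropped]


# Constructed sample traffic for the demo.
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: demo/1.0\r\n"
    b"X-Debug-Token: abc123\r\n"
    b"x-internal-routing: pool7\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2001 00:00:00 GMT\r\n"
    b"Server: demo-httpd/0.1\r\n"
    b"X-Powered-By: demo-framework\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)

if __name__ == "__main__":
    for raw, allowed in ((SAMPLE_REQUEST, INBOUND_ALLOWED), (SAMPLE_RESPONSE, OUTBOUND_ALLOWED)):
        cleaned, dropped = scrub(raw, allowed)
        print("dropped:", dropped)
        print(cleaned.decode("latin-1"))
```

The body is passed through untouched, so Content-Length stays valid; the one thing an allowlist alone does not cover is a header the origin does need that nobody thought to list, which is why the dropped names are returned for logging.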
Totally agree. How can you manage your traffic properly if you don't understand what it's made of? You need to get down to layer 7 to have a complete grasp of what's happening on your site and how to optimise/manage/control the load on it.
Nick
I am sure you mean “up to layer 7”…
HTH
Another Nick
I started life as a developer before I came to my senses, so maybe I have some insight
To your point #2 – it’s just not part of the culture. Developers write to a platform that’s infinitely fast, has an infinite amount of memory, and connects to a zero latency network of infinite bandwidth.
To your point #0, regarding laziness, it’s somewhat true. Logging performance data at the application level is difficult, so it doesn’t get done.
Error checking is another problem that can be explained by both our points. Many programmers don’t check for errors because they’re lazy, it’s too hard to deal with the error, they don’t have time, and their infinitely powerful computer doesn’t have errors, right!?
I’ll also throw in a bonus one – most developers don’t know what’s underneath the hood. ORMs and frameworks have made this worse (not saying they’re bad though) because they hide the details of running an application. Just because I can type customer.invoices.lineitems.product.inventoryitem.manufacturer.cost to find out the cost of an item, does it mean that it’s the DBA’s fault when the database chokes trying to join 6 million line tables just to find a single field?
Zed’s one of the few programmers that “gets it”. He knows what’s going on under the hood (he wrote mongrel FFS), he knows the importance of understanding more than just what’s in your job description.
The guys over at Flickr have written several articles/presentations on their philosophies of ops vs dev, and how they’ve turned it into a collaboration. Unsurprisingly, application level metrics figure prominently.
http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
Sean
I agree with you both. One other problem is DEV/QA environments don’t contain any PII and therefore don’t require SSL….can you see where I’m heading with this? Their throughput numbers are much higher than they’re ever going to see in production because the clients and servers aren’t having to do any encryption/decryption.
p.s. A company for whom I used to work recently retired their Big-IP, and the front-panel makes a nifty night-light.
Why are routers not configured to pick up gratuitous ARPs? i.e. when a computer boots up it does an ARP announce to the network. Shouldn’t the router be configured to pick up internal ARP announces and ignore external ones? Maybe they can’t for some reason? But at some co-los I have installed at, the router picks up the MAC change straight away, and at others you have to call the NOC and get the ARP table on the router flushed…..Maybe they are worried about ARP cache poisoning or something?
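For readers wondering what a gratuitous ARP actually looks like on the wire and why a router might be wary of acting on one, here is an added example (not code from any router or load-balancer vendor). It parses Ethernet/ARP frames, recognises the gratuitous form (sender IP equal to target IP, sent as an announce or an unsolicited reply), and keeps an IP-to-MAC table that reports every rebinding, so an operator can tell a planned VIP failover from the unexpected change that ARP cache poisoning would produce. The frames are constructed inline with RFC 5737 documentation addresses and locally administered MACs.

```python
"""Parse gratuitous ARP frames and report IP-to-MAC binding changes.

Added example for the thread above; the frames are constructed for the demo.
"""
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


@dataclass(frozen=True)
class ArpFrame:
    dst_mac: str
    src_mac: str
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    @property
    def is_gratuitous(self) -> bool:
        # Gratuitous ARP names the sender's own IP as the target: an ARP
        # announce (request, zero target MAC) or an unsolicited reply.
        return self.sender_ip == self.target_ip


def build_arp(dst_mac, src_mac, opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a 42-byte Ethernet + IPv4 ARP frame (used here only to make samples)."""
    eth = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> ArpFrame:
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return ArpFrame(mac_str(dst), mac_str(src), op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


class ArpWatcher:
    """IP-to-MAC table fed by gratuitous ARPs; every rebinding is recorded.

    A router that honours gratuitous ARP would silently overwrite its cache on
    each announce; one that ignores them forces the NOC flush described above.
    This watcher does neither: it records (ip, old_mac, new_mac) events so the
    change can be checked against a planned failover.
    """

    def __init__(self):
        self.table: dict[str, str] = {}
        self.events: list[tuple[str, str, str]] = []

    def observe(self, frame: bytes):
        arp = parse_arp(frame)
        if not arp.is_gratuitous:
            return None  # ordinary request/reply: not a binding announcement
        old = self.table.get(arp.sender_ip)
        self.table[arp.sender_ip] = arp.sender_mac
        if old is not None and old != arp.sender_mac:
            event = (arp.sender_ip, old, arp.sender_mac)
            self.events.append(event)
            return event
        return None


if __name__ == "__main__":
    w = ArpWatcher()
    boot = build_arp(BROADCAST_MAC, "02:00:00:00:00:01", ARP_REQUEST,
                     "02:00:00:00:00:01", "192.0.2.10", ZERO_MAC, "192.0.2.10")
    takeover = build_arp(BROADCAST_MAC, "02:00:00:00:00:02", ARP_REPLY,
                         "02:00:00:00:00:02", "192.0.2.10", "02:00:00:00:00:02", "192.0.2.10")
    print(w.observe(boot), w.observe(takeover), w.events)
```

The same event feed covers both cases in the comment: a load balancer pair moving a floating VIP produces exactly one expected rebinding at failover time, while a rebinding nobody scheduled is what to alert on.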
Ron, re SSL TPS, there are no licensing tiers. You buy the box, you can use whatever the box is capable of. In the case of my AX1000, I have seen it do over 1000 SSL TPS in my environment, and the box is rated for 5000. This is in the entry-level box. It might be identical in the 2000-series, b/c I think they use the identical SSL chip until the 2200 or 3200 (not sure)
Shawn
Dan, re suspicions on SSL performance, I am aware they use a recently-released Cavium Nitrox crypto accel chip, so I would believe it. All other parts of their architecture seem to be oriented toward performance as well (not that features are hurting).
Mine has been in production 4 months, and all aspects of the organization have been very responsive to questions, testing, setup.
Juvenile.
But speaking of SNMP, with PCI-like requirements making syslog servers, and their accompanying correlation engines mandatory, which system do you have performing alerting?
Spectrum/Openview/etc or LogRhythm/LogLogic/Tivoli???
Also, do you send email message to smart-phones or to users’ inboxes and let them forward as they see fit?
What provisions do you have in place to keep from sending hundreds (or even thousands) of alerts?
Priceless – shared with the fellow techies at the office
Excellent, very helpful. Thanks!