You're right, the Cisco/Arrowpoint box doesn't do this very well, either. We're not using SSL acceleration yet, but we're currently redesigning that part of the network to include it. I don't know if there are any boxes that can do URL testing easily. I believe there are some that support scripting of some sort and I think that's about the only way to do this correctly.
John >>> "Gaz" 3/22/02 10:13:17 AM >>> Do you use SSL accelerators John. One problem we've had with Foundry is that the health checking for SSL is not up to scratch because the box cannot simulate a real attempt at a URL like it would with http, it just sees port 443 is available on the accelerator and never gets as far as the back end server. Needs to actually test a URL with 128 bit encryption. I don't think Cisco (Arrowpoint) will do it either? Are there any other boxes that do this properly? Gaz ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > That's interesting. We've been using the Arrowpoint switch for > load-balancing with sticky SSL sessions for over a year now and have had > no problems at all. > > However, we're going to be replacing that box with two of > something-or-other, we just haven't decided on what yet. > > John > > >>> "sam sneed" 3/22/02 8:35:56 AM >>> > First off, failover takes close to a minute which is a lot more than > Cisco > advertises(in HA config). Second they're supposed to provide for load > balancing using SSL. This simply does not work on ours even though we > followed the config on their site exactly. Third they're very > tempermental. > We migrated them to another switch and expected a little downtime > during the > move. We moved them, they came up, showed all services were good but > in > actuality all services were down. We had to power down both CS11152 and > the > Extreme switch they were connected to get services back up. Mind you > that > all the servers that were behind the CS11152 were pingable and > reachable up > to Layer 3 so NAT and L3 were working, only the services the load > balancers > were supposed to provide were down. Cost us a lot of aggravation and > almost > my job. > > > ""Gaz"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > What problems have you had with the Arrowpoint Sam? > > > > We do mainly Foundry for load balancing, and I have to say (as I'm > not > using > > my work e-mail address :-)) that they have been flaky as hell. We > work > > fairly closely with Foundry (when we can get in touch), but every > box > seems > > to work differently with every image. You get in to the habit of > finding > an > > image that works and leave it alone. It's a horrible feeling when > security > > advisories come out recommending upgrades, and you just know it's > going to > > introduce other issues. > > > > We haven't deployed the Arrowpoint on any really big projects, but > they do > > seem to offer more functionality than the Foundry in some areas (not > > forgetting the massive price difference), so I'm interested to hear > what > > problems have arisen with them. > > > > Thanks, > > > > Gaz > > > > > > ""sam sneed"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > I have a pair of CS11152 (former arrowpoints) and they've been > flaky. I > do > > > not recommend them. Not sure about coyotepoint. > > > > > > > > > ""dre"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > Coyotepoint was the first server load balancing device I had > ever > > > > heard of outside of your basic LSNAT configuration (I think > Cisco > > > > calls it NAT load-sharing or something, but there is an RFC > also). > > > > > > > > However, I've never actually seen one in production on any > > > > network. Around 1997-8 the Cisco Local Director was the > > > > only box I saw, and most people hated them. Then, the F5 > > > > Big/IP box became popular (and it still sort of is). A whole > > > > bunch of people started entering the market space of SLB > > > > and Global Load-Balancing. In the past few years, companies > > > > like Arrowpoint and Alteon got bought by Cisco and Nortel. > > > > Now you even have places like Akamai doing GLB for places > > > > like Yahoo. > > > > > > > > After I've read the RFC's, and patents like US6185598, > > > > US108703, and US6052718, and worked with SLB and > > > > GLB for years, I've finally come to a few conclusions: > > > > > > > > A) The SLB/GLB marketing and focus is silicon snake oil > > > > B) Just like the computer security industry, "[it's] like a > carnival > > game, > > > > where people throw ducks at balloons, and nothing is as it > seems" > > > > C) It really depends on *your* environment. Just as there are > > > > millions of options for web servers and web programming > languages > > > > (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4 > > > > IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc > etc), > > > > there are millions of options for SLB and GLB (even deciding > between > > > > the two is impossible). > > > > D) Even outside of products and software, you have your own > > organization. > > > > How the coders build web pages. How the HTML is done. Etc. If > you > > > > don't have any dynamic content. If you are completely dynamic > content > > and > > > > everything besides the main page is somewhere under /cgi-bin/. > These > > are > > > > all organizational issues that are different with every company. > > > Depending > > > > on your setup, a different product may fit your needs > differently. > > > > E) SLB was grown out of the need for more bandwidth being pushed > out > > > > to the Internet by machines in the $100 to $5000 price range. > These > > > > machines at the time were 486's and no ubiquitous Fast or > Gigabit > > > Ethernet. > > > > For a high-end Unix box with Fast Ethernet, you were looking at > $30,000 > > > > back then (at least). > > > > F) Now, you can buy a Titanium Powerbook with Gigabit Ethernet > running > > > > Mach+BSD (MacOS X) for like $2000. You can get 2x CPU 1U > machines > > > > running FreeBSD or Linux capable of pushing >2k pps for under > $3000. > > > > The need for SLB may have changed over the years due to the > hardware > > > > catching up to the bandwidth needs. > > > > > > > > The SLB/GLB market is so confusing, probably "nobody" has it > figured > > out. > > > > > > > > However, I can recommend one box today that stands above the > others, > and > > > > the only one I'd like to see in any production network. The guys > at > > > Radware > > > > have made some significant advancements in the way SLB and GLB > are > done. > > > > Their WSD and entire line of products are much better than any of > the > > > > alternatives, and it is much more versatile for any real > production > > > > environment. > > > > This is just my opinion, but I suggest you fully research the > SLB/GLB > > > > industry before making your decision. > > > > > > > > -dre > > > > > > > > ""Brian Zeitz"" wrote in message > > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > I hope this is not too far off topic, but has anyone ever used > this > > > > > companies load balancers or products or have any feedback on > it. > > > > > > > > > > > > > > > > > > > > http://www.coyotepoint.com > > > > > > > > > > > > > > > > > > > > One thing I noticed is that it only has 1 port in, and one out. > Is > > that > > > > > not normal? I have used Alteon Before, any feedback would be > helpful. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=39188&t=38953 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
