You are correct.  In the post you made today you simply said that SSL
load balancing wasn't working and you didn't mention keepalives.  I
thought you meant that you weren't even able to get SSL load balancing
to work correctly.

We are still using pings for keepalives which works fine if your system
is stable but in the beginning we had a lot of glitches with the secure
server.  It would lock up and we'd have no idea it happened.  If the
load balancing switch had a way to actually test the secure server, I
would be exceedingly joyful.

John

>>> "sam sneed"  3/22/02 10:08:16 AM >>>
Really,
I remembered you replied to a post I made a while back stating you were
using pings for the keepalives:
http://www.groupstudy.com/form/read.php?f=7&i=36514&t=36505

For true load balancing the CS11152 advertises you need HTTP keepalives
over a secure connection with application SSL set. Otherwise the WWW
service could die and CS will still show service as up (assuming the SSL
servers are not the same as the WWW servers). I got an example from
Cisco's site but it didn't work.

So I assume you had this working but not exactly the way it was meant to
be working. Or were you just holdin' out on me on that last post?  ; )

By the way I solved my previous problem by using TCP keepalives on port
443.

"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> That's interesting.  We've been using the Arrowpoint switch for
> load-balancing with sticky SSL sessions for over a year now and have had
> no problems at all.
>
> However, we're going to be replacing that box with two of
> something-or-other, we just haven't decided on what yet.
>
> John
>
> >>> "sam sneed"  3/22/02 8:35:56 AM >>>
> First off, failover takes close to a minute which is a lot more than
> Cisco advertises (in HA config). Second they're supposed to provide for
> load balancing using SSL. This simply does not work on ours even though
> we followed the config on their site exactly. Third they're very
> temperamental. We migrated them to another switch and expected a little
> downtime during the move. We moved them, they came up, showed all
> services were good but in actuality all services were down. We had to
> power down both CS11152 and the Extreme switch they were connected to get
> services back up. Mind you that all the servers that were behind the
> CS11152 were pingable and reachable up to Layer 3 so NAT and L3 were
> working, only the services the load balancers were supposed to provide
> were down. Cost us a lot of aggravation and almost my job.
>
>
> "Gaz" wrote in message news:[EMAIL PROTECTED]...
> > What problems have you had with the Arrowpoint Sam?
> >
> > We do mainly Foundry for load balancing, and I have to say (as I'm not
> > using my work e-mail address :-)) that they have been flaky as hell. We
> > work fairly closely with Foundry (when we can get in touch), but every
> > box seems to work differently with every image. You get into the habit
> > of finding an image that works and leave it alone. It's a horrible
> > feeling when security advisories come out recommending upgrades, and
> > you just know it's going to introduce other issues.
> >
> > We haven't deployed the Arrowpoint on any really big projects, but they
> > do seem to offer more functionality than the Foundry in some areas (not
> > forgetting the massive price difference), so I'm interested to hear
> > what problems have arisen with them.
> >
> > Thanks,
> >
> > Gaz
> >
> >
> > "sam sneed" wrote in message news:[EMAIL PROTECTED]...
> > > I have a pair of CS11152 (former arrowpoints) and they've been flaky.
> > > I do not recommend them. Not sure about coyotepoint.
> > >
> > >
> > > "dre" wrote in message news:[EMAIL PROTECTED]...
> > > > Coyotepoint was the first server load balancing device I had ever
> > > > heard of outside of your basic LSNAT configuration (I think Cisco
> > > > calls it NAT load-sharing or something, but there is an RFC also).
> > > >
> > > > However, I've never actually seen one in production on any
> > > > network.  Around 1997-8 the Cisco Local Director was the
> > > > only box I saw, and most people hated them.  Then, the F5
> > > > Big/IP box became popular (and it still sort of is).  A whole
> > > > bunch of people started entering the market space of SLB
> > > > and Global Load-Balancing.  In the past few years, companies
> > > > like Arrowpoint and Alteon got bought by Cisco and Nortel.
> > > > Now you even have places like Akamai doing GLB for places
> > > > like Yahoo.
> > > >
> > > > After I've read the RFC's, and patents like US6185598,
> > > > US108703, and US6052718, and worked with SLB and
> > > > GLB for years, I've finally come to a few conclusions:
> > > >
> > > > A) The SLB/GLB marketing and focus is silicon snake oil
> > > > B) Just like the computer security industry, "[it's] like a carnival
> > > > game, where people throw ducks at balloons, and nothing is as it
> > > > seems"
> > > > C) It really depends on *your* environment.  Just as there are
> > > > millions of options for web servers and web programming languages
> > > > (e.g. .NET, J2EE, Apache+PHP+MySQL, Apache+mod_perl, MS NT4
> > > > IIS/ISAPI, WebSphere vs. Weblogic, Zeus, Netscape, Xitami, etc etc),
> > > > there are millions of options for SLB and GLB (even deciding between
> > > > the two is impossible).
> > > > D) Even outside of products and software, you have your own
> > > > organization.  How the coders build web pages.  How the HTML is done.
> > > > Etc.  If you don't have any dynamic content.  If you are completely
> > > > dynamic content and everything besides the main page is somewhere
> > > > under /cgi-bin/.  These are all organizational issues that are
> > > > different with every company.  Depending on your setup, a different
> > > > product may fit your needs differently.
> > > > E) SLB was grown out of the need for more bandwidth being pushed out
> > > > to the Internet by machines in the $100 to $5000 price range.  These
> > > > machines at the time were 486's and no ubiquitous Fast or Gigabit
> > > > Ethernet.  For a high-end Unix box with Fast Ethernet, you were
> > > > looking at $30,000 back then (at least).
> > > > F) Now, you can buy a Titanium Powerbook with Gigabit Ethernet
> > > > running Mach+BSD (MacOS X) for like $2000.  You can get 2x CPU 1U
> > > > machines running FreeBSD or Linux capable of pushing >2k pps for
> > > > under $3000.  The need for SLB may have changed over the years due to
> > > > the hardware catching up to the bandwidth needs.
> > > >
> > > > The SLB/GLB market is so confusing, probably "nobody" has it figured
> > > > out.
> > > >
> > > > However, I can recommend one box today that stands above the others,
> > > > and the only one I'd like to see in any production network.  The guys
> > > > at Radware have made some significant advancements in the way SLB and
> > > > GLB are done.  Their WSD and entire line of products are much better
> > > > than any of the alternatives, and it is much more versatile for any
> > > > real production environment.
> > > > This is just my opinion, but I suggest you fully research the SLB/GLB
> > > > industry before making your decision.
> > > >
> > > > -dre
> > > >
> > > > > "Brian Zeitz" wrote in message news:[EMAIL PROTECTED]...
> > > > > > I hope this is not too far off topic, but has anyone ever used this
> > > > > > company's load balancers or products or have any feedback on it.
> > > > > >
> > > > > >  http://www.coyotepoint.com
> > > > > >
> > > > > > One thing I noticed is that it only has 1 port in, and one out. Is
> > > > > > that not normal? I have used Alteon before, any feedback would be
> > > > > > helpful.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39205&t=38953
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
