on 4/30/09 2:28 PM, Atom Powers said:

> Hardware Load Balancers that I have heard about:
> Netscaler
> F5
> KEMP

I have experience with two different hardware load balancers -- RadWARE and NetScaler.

RadWARE was used as the load balancer at my former employer in Belgium (the largest ISP in the country), and they seemed to work quite well. We had fail-over pairs of RadWARE load balancers sitting both in front of and behind our active-active firewall servers, such that if any component inside the firewall failed then the whole firewall was marked down, and the load balancers on either side would route all traffic around the down system. Sounds complex but it actually worked well, and we got to talk to some of the top talent in the company as they were flown out from Israel. I never got any kind of account login on the box; all the configuration I did was across the web and it seemed to be pretty well locked-down.

At UT Austin (my current employer), we make heavy use of NetScalers. They can be somewhat inscrutable to configure, but once configured they seem to be pretty much unbreakable. The worst kind of failure I've seen on these things is when someone decided they had to have their OS upgraded and they didn't come back up correctly. I have heard horror stories about getting support from them since Citrix bought the company, but apparently things have since gotten somewhat better.

There is no web configuration capability that I know of, so you do have to have accounts created and then you ssh into the box. Once you've got a user-level account on the box, you can create, modify, or destroy any service that is configured -- kind of like having root access. The only additional thing that someone with a real NetScaler root account can do that a "normal user" account cannot is things like upgrading the box and adding new accounts. Everything else is wide open to anyone who has an account.

And that scares the bejeezus out of me every time I log in, so maybe it's a good thing that I am extra, extra, extra careful about everything I ever do on any of the Netscalers, because we have things like the central web server for the entire campus behind the NetScalers, the Enterprise Directory system for the entire campus (one of the largest OpenLDAP deployments in the world), and so many other things. It is absolutely unbelievable the amount of stuff that could get seriously screwed up if someone didn't know what they were doing and they started just randomly deleting services, or whatever.

I won't go into any real detail on the specific protocol issues, but I do want to say a little something about them, and then I'll leave it at that.

One thing that both of these have in common is that they are primarily designed to deal with HTTP and HTTPS, and don't do so well on other protocols. We ended up creating a trivial "web page" that could be monitored by the load balancing switches, and we would have scripts running on a regular basis that would write state information to those files -- things like "okay" or "trouble", or whatever, and then set up the load balancing switch to search the page for certain strings. We ended up doing this kind of thing with the respective products at each of the employers where I've dealt with these sorts of things.

I don't have experience with any other products in this field, so I'll be interested to see what you find out.

--
Brad Knowles <[email protected]>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
If you like Jazz/R&B guitar, check out my friend bigsbytracks on YouTube at http://preview.tinyurl.com/bigsbytracks

_______________________________________________
Discuss mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
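
The status-page technique described in the message above, sketched as an added example (not code from the original post or from either vendor). The "okay"/"trouble" strings come from the message; the file name, the TCP probe, the atomic replace and the staleness guard are assumptions added here so that a dead checker cannot leave a stale "okay" on the page.

```python
import os, socket, tempfile, time

OK, BAD = "okay", "trouble"  # strings the load balancer is told to search for

def probe_tcp(host, port, timeout=2.0):
    """True if the non-HTTP backend accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def write_status(path, healthy):
    """Replace the page atomically so the monitor never reads a half-written file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write((OK if healthy else BAD) + "\n")
        os.chmod(tmp, 0o644)   # mkstemp creates 0600; the web server must read it
        os.replace(tmp, path)  # atomic rename within one filesystem
    except BaseException:
        os.unlink(tmp)
        raise

def check_once(path, probe):
    """One scheduled run: probe the service and publish the result."""
    healthy = bool(probe())
    write_status(path, healthy)
    return healthy

def expire_if_stale(path, max_age, now=None):
    """Fail closed: if the checker stopped updating the page, publish trouble."""
    now = time.time() if now is None else now
    try:
        stale = now - os.path.getmtime(path) > max_age
    except FileNotFoundError:
        stale = True
    if stale:
        write_status(path, False)
    return stale

def lb_would_pass(path):
    """Stand-in for the load balancer's string search on the fetched page."""
    with open(path) as fh:
        return OK in fh.read()

if __name__ == "__main__":
    # Constructed values: LDAP port on localhost, page in the current directory.
    page = "lbcheck.txt"
    check_once(page, lambda: probe_tcp("127.0.0.1", 389))
    print(open(page).read().strip())
```

Run `check_once` from the regular checker job and `expire_if_stale` from a separate scheduled job, so the page degrades to "trouble" even when the checker itself has died.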
