Hello, Please CC me directly if you respond to this. I would like to know if anyone is currently using a load balancer with the GNAT-Box Pro 3.2.x or higher product. I am currently researching the following 4 alternatives:
1) http://www.linuxvirtualserver.org/ -- this is a GNU load balancing tool built on Linux! 2) Manufacturer 3COM Manufacturer Part# 3C16120 Description SS3 SVR LOAD BALANCER 16K CONN Retail Cost $8,995.00 3) Manufacturer NORTEL NETWORKS Manufacturer Part# EB1404010 Description ALTEON 180E W/ AC P/S 8PT 10/100/1000 Retail Cost $26,395.00 4) Manufacturer NORTEL NETWORKS Manufacturer Part# EB1404009 Description ALTEON ACEDIRECTOR3 W/ AC P/S 8PT 10/100 Retail Cost $15,595.00 I would like to know if anyone has any experience with these products in particular, or another load balancing program/device. We have standardized on the GNAT-Box and don't want to move away from it, but I've heard firewall+load balancer configurations can be very trick. This article explains more of why I'm concerned: http://www.networkcomputing.com/1102/1102ws12.html > When a firewall is added to the mix, TCP state must be maintained at the > incoming and outgoing firewalls. Consider an HTTP transaction: First, > let's assume the asymmetric network path also contains a firewall but is > separate from another firewall for performance considerations. The client > opens a session with a SYN packet that passes through the firewall and > load-balancer to the real server. The real server then sends a SYN ACK > packet back through the asymmetric route and the other firewall but not > through the original firewall. The client receives the SYN ACK and sends > an ACK to complete the three-way TCP handshake. At this point the original > firewall has no idea that it was expecting an ACK in response to the SYN > ACK it never received and may react in any number of ways, including > dropping the session, triggering an alarm or initiating some response > procedure. Would any other GNAT-Box customers feel better if GTA certified or officially supported certain firewall + load balancer configurations? Thank you! Justin Kuntz http://www.Prominic.NET Phone: 217-356-2888 x 101 | Fax: 356-3356 | Pager: 888-241-0647 Internet: [EMAIL PROTECTED] | NotesNet: Justin Kuntz@Prominic@Notes Net "In the middle of difficulty lies opportunity." -- Albert Einstein --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
