|
One thing to note about using the BigIP box and SSL. BigIP supports SSL
termination, so that you do not have to buy a certificate for each web host.
With LVS, you have to install a certificate for each web server. This can
become VERY costly for large server farms, such as E*Trade, which make heavy
use of SSL.
SSL termination is a way for the director (BigIP box) to act as a
protocol-neutralizing proxy. Essentially, SSL comes into the BigIP, and
BigIP connects to the real servers via HTTP. This assumes a trusted,
private network for the real servers, which is usually the case for most LVS
installations. If your web servers are configured for external agent
connectivity (from the Internet, say), then you definitely do not want SSL
termination, and BigIP vs LVS becomes somewhat of a 'configurability' only
issue.
Also, BigIP supports SSL acceleration (you can plug-in a card that does the
crypto). Your web servers can support this as well, but again, you're back
to purchasing one for each SSL server; a very costly model, financially
non-scalable.
Remember that BigIP's strength is the protocol-level load balancing. If all
you're doing is HTTP, then BigIP doesn't really buy you anything except the
SSL termination and acceleration, and a hefty price tag. If you wanna proxy
the real servers, and any other application server, then fer sure BigIP is a
consideration, especially if the application typically proxies through port
80 in the web server, such as Java servlets & JSP.
There are other players out there in the protocol-level load balancing, such
as Arrowpoint. For non-protocol load balancing, though, stick with LVS. I
personally use LVS-NAT for HTTP & PHP load balancing, with no problems at
all, except for the usual NFS sharing for session information in the real
servers.
-- Jake
Jacob W Anderson
javadude@xxxxxxxxx
> -----Original Message-----
> From: David Cantin [mailto:dcantin@xxxxxxxxxxxxxxxx]
> Sent: Friday, August 25, 2000 9:11 AM
> To: Jerry Glomph Black
> Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: few questions
>
>
> Le 8/25/00, à 3:29:16 PM h, Jerry Glomph Black <black@xxxxxxxx> vous a
> écrit sur le sujet suivant Re: few questions:
>
> > And yes, LVS can be used to balance load among RealNetworks streaming
> servers.
>
> I use LVS with Direct routing mode, I redirect the TCP and UDP ports,
> but the realplayer can't get the connection on the virtual IP, as it
> get on the real IP directly.
> What is wrong ?
>
> Thanks
>
> David.
>
>
>
>
>
>
|
