
RE: talk by Radware, a commercial loadbalancer

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: talk by Radware, a commercial loadbalancer
From: "Francois JEANMOUGIN" <Francois.JEANMOUGIN@xxxxxxxxxxxxxxxxx>
Date: Wed, 12 Oct 2005 16:07:37 +0200

Joseph Mack NA3T :
> Talk by Radware (www.radware.com)
> at NCSA www.ncsysadmin.org 10 Oct 2005

Note that we removed our radware appliance to use LVS instead. Load Balancing
using DNS is _evil_, especially with mobile internet and all those
misconfigured operator gateways.

Because most mobile gateways are written in Java, and I'm probably the only
one who read the java.security file. Just have a look at this ugly stuff you
can find in it and the unbelievable silly explanation given:

# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1

For security reasons! Guys! Well. So we removed radware. Note that we had
other problems with radware. The DNS cache of the clients is one, the response
time of the DNS was another. Several technical issues when you reach some
traffic limits were the last.

François.
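
Added example, not part of the original message or of any JDK tooling: a small audit helper that reads the text of a java.security file and reports the effective networkaddress.cache.ttl policy, so JVMs that pin DNS answers forever can be told apart from ones that honour a TTL. The two sample files and the function names are constructed for this example; the "unset" default follows the excerpt quoted in the message.

```python
import re

# Constructed sample inputs (not taken from a real host).
DEFAULT_FILE = """\
# default value is forever (FOREVER).
#networkaddress.cache.ttl=-1
"""
TUNED_FILE = """\
#networkaddress.cache.ttl=-1
networkaddress.cache.ttl = 60
networkaddress.cache.negative.ttl=10
"""

KEY = "networkaddress.cache.ttl"
# Properties syntax: key, optional whitespace, '=' or ':', then an integer value.
LINE = re.compile(r"^\s*" + re.escape(KEY) + r"\s*[=:]\s*(-?\d+)\s*$")


def effective_ttl(text):
    """Return the last uncommented networkaddress.cache.ttl value, or None if unset."""
    value = None
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "!")):  # comment lines in .properties files
            continue
        match = LINE.match(line)
        if match:
            value = int(match.group(1))  # a later definition overrides an earlier one
    return value


def describe(text):
    """Map the setting to the policy described in the java.security comments."""
    ttl = effective_ttl(text)
    if ttl is None:
        return "unset: default applies (forever, per the quoted excerpt)"
    if ttl < 0:
        return "cache forever: address changes are not seen for the life of the JVM"
    if ttl == 0:
        return "no caching: every lookup goes to the resolver"
    return f"cache for {ttl} seconds"


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_FILE), ("tuned", TUNED_FILE)):
        print(name, "->", describe(text))
```
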
