Forum Discussion
F5 vs Open Source?
I’ve been tasked with comparing the use of open source load balancing software server solutions against commercially available off-the-shelf hardware. We are currently using F5 and have been happy with the products, and honestly I'm not really sure why this has come about.
We use the load balancers currently for traditional load balancing, full proxy for http/ssl traffic, ssl termination and certificate management, ssl and http header manipulation, nat, high availability of the physical hardware and stateful failover of the tcp sessions.
These units will be placed at the customer prem supporting our applications and services and we’ll need to support them accordingly.
Now my “knee jerk” reaction to this is that it’s a really bad idea. It is the heart and soul of our data center network.
However, once I started to think about it I realized that I hadn’t had any real experience with this solution beyond tinkering with it at home and reading about it in years past.
Can anyone offer any operational insight and real world experiences with these solutions?
- Carl_Brothers (Employee)
About a year and a half ago, the powers that be sent me on a similar mission as they looked at any licensing and other costs that they could reduce. One result of that larger effort is that someone sold the idea of going with mail hosted by a consumer focused company with a large advertising revenue stream.... But I digress.
Possible, YES. However, there is the management and failover, which I found to be the most troubling. Admittedly I am not a 'nix admin so I do not know of all the tricks that they may have to bring to the table, but a simple concept like an HA pair of servers hosting NGINX had the smart Linux guys I know scratching their heads when I ran scenarios by them. As is the case with most things 'nix, all the configs are via files, so a simple syntax error will halt the entire process. Syncing the config files is also something that will require creative thinking. Once you build out a FOSS stack, and it will be a stack of different solutions to get all of the features, good luck keeping the Rube Goldbergian system glued together and not ever fouled by a misconfiguration. To pull it off you would need many people on your team to support the solution who are 'nix, application, and networking GURUs, otherwise a novice without a full understanding of the system could mistakenly bring the whole house of cards down. There was a long debate that Lori M sparked with some FOSS folks not too long ago where you can read their declarations of "Yes we can!" but the details of their solution made my head hurt. Oh, and forget admin partitions where you let app owners take nodes on and offline; that is now your job. Also forget everything that is done well with the custom ASICs (SSL termination and compression come to mind) inherent with the HW ADC solutions.
An ADC solution built on FOSS is not a one-stop shop and requires a high degree of expertise to make it all flow nicely. And with the huge chain of software needed, extensive unit testing would be needed before rolling SW updates to the various modules that would be needed to ensure no disruption of services. And at 2 AM when the solution crashes, which of the umpteen modules caused the crash, and who can you get support from to get back online without losing revenue? How tolerant will management be of waiting for you to crawl twenty or so different forums for the modules involved and waiting on responses to posts to attempt to fix the issue?
Regards,
CarlB
- Chris_Miller (Altostratus)
To elaborate on Carl's point a bit, an ADC is one of the most critical components of a network and therefore must be supported. A good ADC lets you absorb failures in other places inside your network, but putting millions of dollars worth of applications and infrastructure behind something open source and free is a bit risky.
- The_Bhattman (Nimbostratus)
Hi Brian,
- L4L7_53191 (Nimbostratus)
This is my personal philosophy on architecture / ADN design, which I've put into practice in various capacities. At the risk of this sounding like marketing fluff, one of the main ideas is to put an emphasis on a select set of strategic points of control in your network, then leverage the hell out of them. For me, this stack included the following technologies: