Forum Discussion

Bryan_90908
May 16, 2011

F5 vs Open Source?

Greetings group,

I've been tasked with comparing the use of open source load balancing software server solutions against commercially available off-the-shelf hardware. We are currently using F5 and have been happy with the products, and honestly I'm not really sure why this has come about.

We use the load balancers currently for traditional load balancing, full proxy for HTTP/SSL traffic, SSL termination and certificate management, SSL and HTTP header manipulation, NAT, high availability of the physical hardware and stateful failover of the TCP sessions. These units will be placed at the customer prem supporting our applications and services, and we'll need to support them accordingly.

Now my "knee jerk" reaction to this is that it's a really bad idea. It is the heart and soul of our data center network. However, once I started to think about it I realized that I hadn't had any real experience with this solution beyond tinkering with it at home and reading about it in years past.

Can anyone offer any operational insight and real world experiences with these solutions?

  • About a year and a half ago, the powers that be sent me on a similar mission as they looked at any licensing and other costs that they could reduce. One result of that larger effort is that someone sold the idea of going with mail hosted by a consumer-focused company with a large advertising revenue stream... But I digress.

    Possible, YES. However, there is the management and failover, which I found to be the most troubling. Admittedly I am not a 'nix admin, so I do not know all the tricks that they may have to bring to the table, but a simple concept like an HA pair of servers hosting NGINX had the smart Linux guys I know scratching their heads when I ran scenarios by them. As is the case with most things 'nix, all the configs are via files, so a simple syntax error will halt the entire process. Syncing the config files is also something that will require creative thinking. Once you build out a FOSS stack, and it will be a stack of different solutions to get all of the features, good luck keeping the Rube Goldbergian system glued together and never fouled by a misconfiguration. To pull it off you would need many people on your team supporting the solution who are 'nix, application, and networking GURUs; otherwise a novice without a full understanding of the system could mistakenly bring the whole house of cards down. There was a long debate that Lori M sparked with some FOSS folks not too long ago where you can read their declarations of "Yes we can!", but the details of their solution made my head hurt. Oh, and forget admin partitions where you let app owners take nodes on and offline; that is now your job. Also forget everything that is done well with the custom ASICs (SSL termination and compression come to mind) inherent in the HW ADC solutions.

    An ADC solution built on FOSS is not a one-stop shop and requires a high degree of expertise to make it all flow nicely. And with the huge chain of software needed, extensive unit testing would be needed before rolling software updates to the various modules to ensure no disruption of services. And at 2 AM when the solution crashes, which of the umpteen modules caused the crash, who can you get support from, and how do you get back online without losing revenue? How tolerant will management be while they wait for you to crawl twenty or so different forums for the modules involved, waiting on responses to posts to attempt to fix the issue?

    Regards,

    CarlB
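A validate-before-reload wrapper for the two NGINX HA-pair problems Carl describes (a config syntax error halting the process, and keeping the peer's config in sync), added here as an illustration; it is not from this thread or from the NGINX project. It assumes `nginx` on PATH (or `NGINX_BIN`), a peer reachable over ssh as `PEER`, rsync installed, and a staged copy of `nginx.conf`; the config path, stage labels and return codes are the example's own choices.

```shell
#!/bin/sh
# Added example: stage -> check -> reload -> sync -> check on peer -> reload peer.
# The running NGINX is never touched unless the staged file passes `nginx -t`,
# and the peer is never reloaded unless the copied file passes the same check there.
set -u

NGINX_BIN="${NGINX_BIN:-nginx}"      # assumption: nginx on PATH, or override
CONF_DIR="${CONF_DIR:-/etc/nginx}"   # assumption: standard config directory
PEER="${PEER:-}"                     # assumption: ssh host of the HA partner; empty = single node

# check_config FILE: run NGINX's own parser against FILE without reloading.
# Returns 0 when nginx accepts it, 1 otherwise. Run as the service account:
# -t also opens the error log and pid file, so a permission problem reads as failure.
check_config() {
    cfg="$1"
    "$NGINX_BIN" -t -q -c "$cfg" 2>/dev/null && return 0
    return 1
}

# sync_config SRC DEST: copy SRC to DEST on the peer (checksum, not mtime).
sync_config() { rsync -a --checksum "$1" "$PEER:$2"; }

# peer_check FILE: same syntax check, but on the peer, before touching its master.
peer_check() { ssh "$PEER" "$NGINX_BIN -t -q -c '$1'"; }

# reload_local: graceful reload; old workers keep serving until new ones are up.
reload_local() { "$NGINX_BIN" -s reload; }

# deploy STAGED: full procedure. Prints the stage that failed on stderr and
# returns a distinct code per stage so a wrapper can tell where it stopped.
deploy() {
    staged="$1"
    live="$CONF_DIR/nginx.conf"
    check_config "$staged" || { echo "stage=local-check" >&2; return 1; }
    cp "$staged" "$live" && reload_local || { echo "stage=local-reload" >&2; return 2; }
    [ -n "$PEER" ] || return 0                       # single node: done
    sync_config "$live" "$live" || { echo "stage=peer-sync" >&2; return 3; }
    peer_check "$live" || { echo "stage=peer-check" >&2; return 4; }
    ssh "$PEER" "$NGINX_BIN -s reload" || { echo "stage=peer-reload" >&2; return 5; }
}

# Usage: sh safe_reload.sh /path/to/staged/nginx.conf
if [ -n "${1:-}" ]; then deploy "$1"; fi
```

The point is ordering: `nginx -t` runs the same parser a reload would, so the one-character typo that would otherwise take the node down is caught while the old config is still serving, and the peer only gets a file that has already passed on the primary and is then checked again locally before its reload. It does not solve the harder part of Carl's objection, namely that the stack around NGINX (keepalived/VRRP, certificate rollover, monitoring) each needs the same discipline.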


  • To elaborate on Carl's point a bit, an ADC is one of the most critical components of a network and therefore must be supported. A good ADC lets you absorb failures in other places inside your network, but putting millions of dollars worth of applications and infrastructure behind something open source and free is a bit risky.
  • Hi Bryan,

    There is an excellent article that was written by F5's Lori MacVittie.

    http://devcentral.f5.com/weblogs/macvittie/archive/2009/04/17/dear-slashdot-you-get-what-you-pay-for.aspx

    This topic generated interesting conversations in the community.

    However, ultimately it comes down to 2 important questions (minus the cost):

    1) How many features you need, not what you want.

    2) Can your existing support organization support it (development, deployment and support)?

    I hope this helps,

    Bhattman

  • This is my personal philosophy on architecture / ADN design, which I've put into practice in various capacities. At the risk of this sounding like marketing fluff, one of the main ideas is to put an emphasis on a select set of strategic points of control in your network, then leverage the hell out of them. For me, this stack included the following technologies:

    -- BigIP

    -- Solaris (for Oracle)

    -- NetApp

    -- SLES Linux

    -- The Apache/Tomcat stack

    -- Commodity x64 servers, horizontally scaled

    Obviously, there are tons of possible variations and valid arguments for/against this stack, but we found that using this simple stack we could address the vast majority of application delivery challenges that the business would toss our way. You can see the strategic points where we focused our capital investment: BigIP, NetApp, and Oracle.

    Why? We found that using these specific technologies allowed us to say yes far more than no to the business owners, my boss(es), our CTO, etc.

    With an open source solution in place at the BigIP layer, I can say with 100% certainty that I would have had to make significant compromises to our application delivery environment, if not having to say "no" to a huge swath of use cases.

    To blatantly rip off Larry Wall's famous quote: BigIP makes easy things easy and difficult things possible. With an open source LB solution this doesn't hold, particularly at scale: e.g., ask an open source solution to handle 1 million concurrent connections, let alone 32 million, or to handle 65,000 SSL TPS with 2048-bit keys. There are several reasons for this, but suffice it to say that there are (to me, at least) certain workloads and tasks that require purpose-built, high performance, kick-arse stuff. More and more, people are essentially asking for middleware on the wire, a task that BigIP is uniquely suited for.

    Now, FWIW, I love open source and I've bet my career on it in many respects. But for me it's more about the right tool for the right job. F5 has a ton of *really* smart folks dedicated to making their technology do incredible things. It's a good idea to leverage that domain expertise for this type of job.

    Just my $.02 on this interesting thread!

    -- Matt