[BBLISA] Load balancers

John Miller jorymil at gmail.com
Tue Mar 12 14:03:54 EDT 2013 

Hi Rob,

At Brandeis we're running Cisco ACE 30 modules inside of our Cisco 7200
switches.  They're tremendously overkill for what we use them for--about 20
different applications, which are mostly HTTP/S, LDAP/S, or DNS.  For
authentication, we use them in conjunction with our SSO system, Cosign
(UMich), which is HTTPS on the user-facing end, but also HTTPS between the
login servers and all the other servers.  We also use them to load-balance
queries against OpenLDAP servers.

At this point, the ACE is EOL, so I don't think you'd be able to purchase
any, but we certainly are able to load-balance both LDAPS and HTTPS.  I'd
imagine it's possible with just about any other solution.

Depending on your apps, you'll want to keep persistent (or "sticky")
sessions in mind--some things only maintain their sessions on a single node
of your load-balanced cluster, so all subsequent communication has to come
back to the same spot.  We're also moving stuff out into EC2, so local load
balancers obviously don't do the job there.

If you're running anything like OpenStack, CloudStack, or Eucalyptus,
they'll often have their own load balancers, too.

John

On Mon, Mar 11, 2013 at 10:53 PM, Rob Taylor <rgt at wi.mit.edu> wrote:

> Hi Guys. We have some applications here that either can't or can't easily
> support connections to redundant servers for authentication,
> and another application that has been known to beat the tar out of the
> single authentication server it uses.
> I was asked to look into it and some talk had came up about looking into a
> load balancer for distributing the load, or at least making it so that the
> less capable clients can failover to another server.
> I'm sure we would find other uses for it besides this, like web
> redirection during server outages/maintenance, and possibly distributing
> logins to cluster login nodes.
>
> Right now, our needs are pretty meager. I've started looking at a some
> software ones, like balanceNG, HAproxy, to see what they can do.
> I've also downloaded a demo of stingray, which used to be known as Zeus.
> Coyote point also makes a very inexpensive starter hardware model, $2k
> list.
> I've got cisco gear in house, but none that seem to support SLB or I would
> have looked at that as well.
>
> Load balancers are a technology that I've never really had a chance to
> play with, so I don't really know what to look for and what to avoid.
> Can anyone out there provide any insight on products that they have used,
> what they have used them for and their experiences?
>
> Thanks.
>
> rgt
>
> Whitehead Network/System Administrator
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.bblisa.org/pipermail/bblisa/attachments/20130312/9535584c/attachment.htm

More information about the bblisa mailing list