-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Paul Vixie
Sent: Monday, July 03, 2006 12:09 AM
To: nanog@merit.edu
Subject: Re: DNS Based Load Balancers
The problem being that most of what you linked to below is either A) out of date, or B) the only way to get proximity based load balancing (GSLB type stuff) with them is with DNS tricks.
"most of", huh? let's have a looksie.
Breaking it down in order:
The IBM solution hasn't been updated since 1999. It also seems relatively proprietary.
the ibm white paper i referred you to was written in 1999. websphere is quite current, and its implementation of GSLB functionality has been updated plenty since 1999. and the competitors james baldwin said he was eval'ing (cisco, f5) are certainly patent-holders offering proprietary solutions.
The Cisco solution relies on either doing HTTP redirects (which is useless if you're not doing HTTP) or DNS.
james baldwin said he was using the cisco solution today, so clearly HTTP is the main target. i can't think of a protocol requiring GSLB that isn't HTTP based (either web browsing or web services). FTP just isn't a growth industry and the transaction processing systems i know of (the ones that aren't based on HTTP, that is) have GSLB hooks built into them.
IOW, either you can do GSLB with session redirects, or you don't need GSLB.
Both Foundry and Radware rely 100% on DNS to do their GSLB. You can do local load balancing on both boxes without, however.
did you read the same radware white paper i did? in
http://www.radware.com/content/products/library/faq_wsd.pdf
it says that they can do session level redirects. so, less than 100% of radware is dns. i can see that i misread the foundry whitepaper i ref'd (perhaps we both saw most readily that data which fit our preconceptions?)
The last link is an outdated thesis paper that makes reference moreso to local load balancing and not global.
why is it "outdated"? as a survey of the desired functionality it's still pretty good background. no new GSLB has been invented since then, surely?
It seems that in lieu of a real, currently produced solution, the only option is presently DNS to meet the requirements. Others have sent me off-list stuff they're working on, but none of it's ready for prime time.
well, i see that fezhead is dead. but 3-party TCP is alive and well: <http://www.cs.bu.edu/~best/res/projects/DPRClusterLoadBalancing/>.
see also <http://www.tenereillo.com/GSLBPageOfShame.htm> and <http://www.tenereillo.com/GSLBPageOfShameII.htm>.
the references sections of those last three are particularly informative.
-- Paul Vixie
Without getting into a massive back and forth, I just want to make 3 points:
1) Websphere is proprietary to IBM and requires their servers. It's not scalable to other applications. It's also not targeted to the same market as, say, F5.
2) There are definitely protocols that require GSLB that aren't HTTP. Off the top of my head: RTSP/MMS, VoIP services. I'd say that, at the very least, VoIP protocols are the killer app for GSLB moreso than HTTP. Surely the internet isn't only the web, right?
3) TCP-redirect solutions, such as the Radware one you pointed out, do not work in large scales. Have you ever met anyone who's actually implemented that in a large scale? The solution they point to they don't even sell anymore (the WSD-DS/NP). If you talk to their sales, they'll point you at the DNS based solution because they know that doing Triangulation is a joke. Triangulation and NAT-based methods both crumble under any sort of DoS and provide no site isolation.
Pete Tenereillo's papers are interesting, but they're also slanted and ignore other implementation methods of DNS GSLB. How about handing out NS records instead of A records? That's a method that would make large parts of his papers irrelevant.
My main point here is that each solution has its evils, and when faced with a choice, he needs to evaluate what method works best for him. Anyone could just as easily say that Triangulation and NAT are a hack just the same as GSLB DNS is a hack. Akamai and UltraDNS will actually sell you GSLB without even buying localized hardware to do it - are these bad services, too?
Patrick said it best: Just in case we like to decide things for ourselves.
-Dave