
Mattew,
We run high volume SSL but not nearly the 12Gbps you are talking about so that hasn't been an issue for us. Thanks for the information. Looks like the Citrix ANG rep owes me another lunch to explain himself. :) I'm gonna do some research on NGINX...
-Hammer-
"I was a normal American nerd." -Jack Herer
On Wed, May 18, 2011 at 2:23 PM, Andreas Echavez <andreas@livejournalinc.com> wrote:
We're using both an F5 BigIP as well as Nginx (open source software) in a production environment.
They both have their merits, but when we recently came under some advanced DDoSes (slowloris, slow POST, and more), we couldn't process certain types of layer 7 inspection/modification because it was too heavy for the F5 to handle. Nginx was more cost effective because we could scale laterally with cheap commodity hardware.
This isn't a knock on the BigIP though; it's a much better piece of equipment, has commercial support, and a fantastic web interface. With Nginx you might find yourself compiling modules in by hand and writing config files.
Ultimately, the open source solution is going to stand the test of time better. It all depends on who's paying the bills, and what your time is worth. Nginx was specifically worth the effort for us because we had unique traffic demands that change too quickly for a commercial solution.
Thanks, Andreas
On Mon, May 16, 2011 at 4:15 PM, Welch, Bryan <Bryan.Welch@arrisi.com> wrote:
Greetings all.
I've been tasked with comparing the use of open source load balancing software against commercially available off the shelf hardware such as F5, which is what we currently use. We use the load balancers for traditional load balancing, full proxy for http/ssl traffic, ssl termination and certificate management, ssl and http header manipulation, nat, high availability of the physical hardware and stateful failover of the tcp sessions. These units will be placed at the customer prem supporting our applications and services and we'll need to support them accordingly.
Now my "knee jerk" reaction to this is that it's a really bad idea. It is the heart and soul of our data center network after all. However, once I started to think about it I realized that I hadn't had any real experience with this solution beyond tinkering with it at home and reading about it in years past.
Can anyone offer any operational insight and real world experiences with these solutions?
TIA, replies off list are welcomed.
Regards,
Bryan