Re: [load balancing] RE: Should I replace AD3's with 2424SSL's!!?

From: KC Tam <>
Date: Wed Jan 19 2005 - 21:20:18 EST

When some product got MD, it's always time to consider some other
choice. There are some new vendors that can do SLB and SSL Offload,
plus a lot of advanced feature like TCP offload, compression,
integrated cache, DoS protection etc. on a single box.

On firewall side, is Nokia 440 MD as well? If not, you can stick on it.

On Wed, 19 Jan 2005 13:21:54 -0500, Peter Degrassi
<> wrote:
> The 5400 Accelerator and 5009 Director combine to make up an Alteon Switched
> Firewall System. Good for a midsized enterprise or branch office of larger
> enterprise. This would replace your Nokia(s).
> The 2424-SSL has all the functionality of the AD3 and iSD310 combo, and more
> (features, performance, etc.). The difference in regards to SSL offload is
> that it is internal to the switch, saving rackspace. The SSL blade in the
> 2424 is also more powerful than the 310, capable of handling 2000 SSLtps vs
> 700 SSLtps and more concurrent sessions 16000 vs 7000. There is more, I'll
> send you some PDFs off-list.
> As to whether or not you need to upgrade the AD3/iSD you should look at the
> number of sessions the AD3 is running, /stat/slb/maint. CPU utilization is
> much less important than session capacity. Also look at the TPS and active
> session stats on the iSD /stats menu.
> Also remember that even though a product reaches end of manufacture, support
> will continue for years after that. Check with your vendor.
> Regards... Peter
> Peter Degrassi
> Layer 227 Inc.,
> -----Original Message-----
> From: [] On Behalf Of Steven
> Christall
> Sent: Wednesday, January 19, 2005 5:24 AM
> To: ''
> Subject: [load balancing] RE: Should I replace AD3's with 2424SSL's!!?
> Woha ... bad mistake
> The 5409 is a bundle of Accelerator 5400 (the firewall?) and Director 5009
> (which kinda looks like an AD3). The 2424SSL only SSL accels (I think) Help
> appreciated :o(
> Steve
> -----Original Message-----
> From: Steven Christall
> Sent: 19 January 2005 10:16
> To: ''
> Subject: Should I replace AD3's with 2424SSL's!!?
> Hi all.
> I currently have two AD3's (one active) in production with an ISD310
> terminating the SSL sessions. I also have Nokia IP440's in VRRP for the
> firewalls in front of and behind the AD3's.
> I have a proposal to replace the AD3's, ISD and Nokia's with Alteon switched
> firewalls 5409 (active / active) and Alteon Directors 2424SSL (active,
> active)
> I currently have no load problems (20Mb peak) and I am happy with the AD3 /
> ISD310 combination. I am also happy with the Nokia 440's.
> Other than end of life warnings flying around (at least from my vendor)
> regarding the 440's and the AD3's why should I replace everything? Is
> anyone running the newer Directors from Alteon and have any comments?
> I am loath to break a working config. In my experience upgrading always
> gives more speed at the expense of reliability.
> Also what is the best way of measuring the load (or more to the point the
> available capacity) of my AD3's????!
> All the best
> Steve
> ____________________
> The Load Balancing Mailing List
> Unsubscribe:
> Archive:
> LBDigest:
> MRTG with SLB:
> Hosted by:
The Load Balancing Mailing List
MRTG with SLB:
Hosted by:
Received on Wed Jan 19 22:23:40 2005

This archive was generated by hypermail 2.1.8 : Wed Jan 19 2005 - 22:56:53 EST