From: Pete Tenereillo (ptenereilloIZZATadelphia.net)
Date: Tue Nov 25 2003 - 15:30:36 EST
Just sitting back looking at the list of replies from vendors makes me feel
relieved I'm not a consumer looking to buy one of these. All of the
performance numbers look good on paper, and as you've discovered,
performance tests often conflict, even tests from the same "independent"
testers. The laundry list of features is about the same too, and for any
given product if feature xyz isn't there now it's probably promised in the
My $.02 is a) pick a vendor you feel will be not only in business, but in
this business, for a while and b) "test". For whatever product you do
choose, make sure you test it yourself (don't let the vendor drive the test,
that's the oldest trick in the book - you configure it, you do the test), on
your network, with the actual applications you will use (not test
applications), and live traffic (not a bit blaster). If you do this, very
carefully, and also try to incorporate tests that reflect what you believe
your future plans will entail, and if it works for you, who cares what other
products have to offer - you will be done. What you read in marketing sheets
or the fact that another customer site uses it won't help you. There are
many very real and current cases where a product does indeed have an
advertised feature, but also has major restrictions on the way it must be
used (i.e. the intersection of 3 sets: features in a product, combinations
of features that can be used together within that given product, and
features that can be used on your network with your applications, may be the
"null set"). The fact that you plan to use features like SSL offload and TCP
offload (and no doubt L7) only exacerbates this issue - i.e. it puts you in
the "high-risk" category.
Vendors would obviously like you to believe that life is just not that
complicated and that their product works fine everywhere. Even if it was
true that, say, only 5% of customers hit a certain problem, you might be in
that unlucky 5%! The fact is that much of these companies's engineering time
is spent implementing features/workarounds to real customer problems. If you
don't believe that - there's an example in this very thread that might
convince you - F5 has a more advanced way of dealing with TCP offload and
client IP addresses than one of the smaller vendors. Why? That feature
wasn't likely the result of some guy scratching his chin and coming up with
a bright idea, but rather a real solution to a real problem, one that a
customer reported, i.e. an engineer heard the problem and came up with a
solution (which is why it's good to go with products that have a big
installed base - that way you are less likely to be the first to find a
problem). Now, after years of similar problems and feature additions to
products, the real differences in architectures and approaches come out.
Some products have diverged into a total mess, while others have elegantly
matured. (Unfortunately for me, F5 is one of the few SLBs I've never
personally had the opportunity to test, so I can't speak as to the usability
or design of that system).
As far as one box vs two box - The "one box" solutions in most cases are not
materially different than the two, i.e. it's the same code (or even the same
hardware) from the same vendor, just a repackaged module or a PC or a switch
on a blade that happens to be stuffed into a code load or chassis with some
other product. The main advantage is that it saves footprint, and maybe some
power and heat. (But as another post mentions, you lose some flexibility).
I've dealt with plenty of frustrated customers (even up to the last few
months) who were shocked and in disbelief that a widely publicized feature
on a widely deployed product could not be made to work for them (some
because of a weird and wonderful way that customer needed to use it, and
some because the feature just plain doesn't work, hasn't for years, and
no-one noticed). I'd say "good luck" but I hope you can take "luck" out of
your decision by testing. Whatever time you invest now in evaluations might
be a small % of the time you spend trying to correct a bad choice.
From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net] On Behalf Of T Do
Sent: Monday, November 24, 2003 9:02 AM
To: LB-Group Newsgroup
Subject: RE: [load balancing] SLB - SSL Accelerator - Web I/O Accelerator
Just want to be fair, below is the link to the test on the cisco CSS/CSM
Interesting though, it is from the same company that tested the F5 products.
(On my previous post)
T Do <tdo_001IZZATyahoo.com> wrote:
I'm currently looking for a SLB / SSL Accelerator with perhaps some Web I/O
acceleration. I have gathered information from different vendors products:
1. F5 - BigIP 5100/2400
3. Ingrian I220
4. Cisco CSS1150x with SSL Accelerator module
Based on the information obtained from this forum, it seems that:
1. There is a huge F5 and Alteon user based.
2. F5 is an exelent SLB /SSL Accelerator
3. Cisco CSS seems to be out there but it does not stand out in the crowd
Following is my impression on different vendor's products:
1. F5: Excellent SLB. Flexible in deployement due many configuration
options available. No Modular expansion (SSL, Interface)
2. Redlines: Good overall since it provides Web I/O acceleration, SSL
Acceleration and some SLB capabilities.
3. Ingrian: Some SLB capabilities, excellent in providing SSL
Acceleration, Cookie protection and back end database encryption. It also
provides an option to do Compression and caching of HTML traffic.
4. Cisco CSS: Modular design with SSL Accelerator module (800TPS/mod),
Interface Module (2G, 16E or 8E port), session acceleration module. It also
supports session state failover. Good SLB.
The cisco CSS seems to be a good fit where expandability is important.
However, I have read a report from F5 in which, cisco CSS seems not to
perform as well comparing to other products. Well, this may be biased in
some way though.
Any information on the above vendors (especially F5 and Cisco CSS) would be
Thanks in advance
Do you Yahoo!?
Pop-Up Blocker - Get it now
Do you Yahoo!?
Pop-Up Blocker - Get it now
The Load Balancing Mailing List
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2.1.4 : Tue Nov 25 2003 - 15:48:37 EST