[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Suggestions/Info for web caching servers - web server load balancing
Carric, I assume when you say FW-1's load balancing features are weak, you are talking about ConnectControl, Check Point's own webserver load balancing add-on module, and that when you talk about maintaining session state, you're referring to 'persistence'. Persistence is the ability to ensure that a user?s session with a server will continue to be connected to that particular server for the duration of their browsing session. The reasons to stick a specific session to a particular server can vary from optimizing the cache performance of the server to ensuring a session is not broken. A broken session can result in a shopping cart losing its contents on an e-commerce site. Some applications may have special needs, such as cookie persistence or SSL session ID persistence for more secure transactions. The most common motivation for considering cookie persistence is to improve database cache hits on servers and preserve session integrity for clients situated behind proxy server farms. I'm not an expert on ConnectControl, but I have heard that its abilities are limited, especially with respect to persistence, which is why many people have chosen more sophisticated appliance-based load balancers like BigIP (from F5 Networks). I just want to clarify that RainSLB (new product made by Rainfinity) is not ConnnectControl (made by Check Point). Like ConnectControl, RainSLB is a software-only server load balancer, but there the similarity ends. <begin SOAPBOX> At the risk of sounding like a brochure, RainSLB features many of the capabilities of the appliance-based load balancers. Relevant to your comment, it includes the three most popular persistence methods (cookie, source ID, and SSL session ID). You can install it directly on the FW, or on a separate box. The main advantage of doing webserver load balancing at the firewall is reduced cost and complexity. BigIP is a good product, but it isn't cheap. RainSLB can give you 80% of the functionality of appliances at 20% of the cost.</end SOAPBOX> I agree that pounding a nail with a screwdriver is a bad idea, but for many tasks a steel hammer works just as well as a titanium sledgehammer. ;-) Cheers, Mark L. Decker Rainfinity [email protected] www.rainfinity.com> -----Original Message----- > From: Carric Dooley > Sent: Tuesday, December 05, 2000 2:10 PM > To: Mark Decker > Cc: Milliken, Larry; Checkpoint Discussion List (E-mail) > Subject: RE: [FW1] Suggestions/Info for web caching servers > > Counter-opinion: The load balancing features of FW-1 are weak. If > you need to maintain session state (i.e. a users whole browsing > session stays on one box) get soemething like BigIP. The time wasted > in trying to make a solution do something it was not designed to do > (or sucks at) is also an expense. =) > > On Tue, 5 Dec 2000, Mark Decker wrote: > > > Yet another option if you go the web cluster route instead of caching: > > you can have your FW-1 server double as a webserver load balancer > > (eliminating the need for a separate layer of devices) by > > adding RainSLB software. Not quite as many features as BigIP yet, > > but cheaper and simpler. > > http://www.rainfinity.com/us/eng/products/rainslb/index.html > > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|