[c-nsp] Cisco load balancers with SSL offload

R.L. Nevot r.nevot at gmail.com
Wed Apr 18 16:46:48 EDT 2007 

By the way, I like F5 because of its functionality, but I think they have
other problems to solve. In fact, the one I like is Juniper's, and I like
also the approximation they are evolving, Application Acceleration.

Have you ever opened a F5 switch hardware to see what's going inside?  :-)

On 4/18/07, R.L. Nevot <r.nevot at gmail.com> wrote:
>
> day to dat working with old CCS 11154, from version 5.1 to the last issued
> (think they are now with 6.1), and had issues regarding VRRP (taking both
> control of services although there was communication between them),
> missbehaviours with ACLs, with sticky-srcip parameter, etc.
>
> We also have a brand new 11506 with ssl module, and sometimes its fiber
> interfaces stop processing traffic suddenly. Last version of software and
> replaced several times the fiber modules, now it's stable.
>
> The CLI is embarrassing, has several errors, commands that are misspelled
> (try to do advanced-balance and then try to make no advanced-balance...),
> poor SNMP administration...
>
> In fact, I was very happy with CSS11154 'til I had opportunity to test
> F5... CSS11506, with its difficult to understand way to configure
> SSL-proxys, made my day...
>
> regards
>
> On 4/16/07, Gert Doering <gert at greenie.muc.de> wrote:
> >
> > Hi,
> >
> > On Mon, Apr 16, 2007 at 08:01:47PM +0200, Marcin Mazurek wrote:
> > > > (I assume that both the CSM and the ACE can do SSL "out of the box",
> > and
> > > > you just need to have the right license, that is, "don't buy extra
> > > > doughter cards"?)
> > >
> > > CSM dosn't support SSL offload, ACE does. With CSM You may use SSL
> > > offload module, separate blade for cat6.
> >
> > Ah.  Important information, thanks.
> >
> > > I would skip CSM as ACE is next generation product (contexts, TCP
> > > offload, active-active also per context, many more).
> >
> > Given that ACE also seems to be a good deal less money, this is good
> > advice :-)
> >
> > > You may want to take a look at F5 and Juniper products, nice feature
> > are
> > > rules that You can check You traffic in L7 without significant
> > > performance decrease.
> >
> > Customer is explicitely asking for Cisco...
> >
> > gert
> > --
> > USENET is *not* the non-clickable part of WWW!
> >
> > //www.muc.de/~gert/
> > Gert Doering - Munich, Germany
> > gert at greenie.muc.de
> > fax: +49-89-35655025
> > gert at net.informatik.tu-muenchen.de
> > _______________________________________________
> > cisco-nsp mailing list   cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>

More information about the cisco-nsp mailing list