[c-nsp] Cisco load balancers with SSL offload

R.L. Nevot r.nevot at gmail.com
Wed Apr 18 16:38:35 EDT 2007 

day to dat working with old CCS 11154, from version 5.1 to the last issued
(think they are now with 6.1), and had issues regarding VRRP (taking both
control of services although there was communication between them),
missbehaviours with ACLs, with sticky-srcip parameter, etc.

We also have a brand new 11506 with ssl module, and sometimes its fiber
interfaces stop processing traffic suddenly. Last version of software and
replaced several times the fiber modules, now it's stable.

The CLI is embarrassing, has several errors, commands that are misspelled
(try to do advanced-balance and then try to make no advanced-balance...),
poor SNMP administration...

In fact, I was very happy with CSS11154 'til I had opportunity to test F5...
CSS11506, with its difficult to understand way to configure SSL-proxys, made
my day...

regards

On 4/16/07, Gert Doering <gert at greenie.muc.de> wrote:
>
> Hi,
>
> On Mon, Apr 16, 2007 at 08:01:47PM +0200, Marcin Mazurek wrote:
> > > (I assume that both the CSM and the ACE can do SSL "out of the box",
> and
> > > you just need to have the right license, that is, "don't buy extra
> > > doughter cards"?)
> >
> > CSM dosn't support SSL offload, ACE does. With CSM You may use SSL
> > offload module, separate blade for cat6.
>
> Ah.  Important information, thanks.
>
> > I would skip CSM as ACE is next generation product (contexts, TCP
> > offload, active-active also per context, many more).
>
> Given that ACE also seems to be a good deal less money, this is good
> advice :-)
>
> > You may want to take a look at F5 and Juniper products, nice feature are
> > rules that You can check You traffic in L7 without significant
> > performance decrease.
>
> Customer is explicitely asking for Cisco...
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list