Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux Virtual Server: Users

[lvs-users] LVS vs commercial LB in critical environment

  

 
Linux Virtual Server users RSS feed   Index | Next | Previous | View Threaded


siim at p6drad-teel

Nov 20, 2009, 5:41 AM

Post #1 of 10 (1297 views)
Permalink
[lvs-users] LVS vs commercial LB in critical environment
Hi

I have a bit of a religious question: is LVS good enough to use in
"critical environments" (however you would feel like defining it)? We
are currently using LVS as load balancer and netfilter as firewall in
pretty much everywhere including several critical places (like PCI
infrastructure) and in operations team are quite pleased with the
functionality, performance and hackability.

However, some conservatives have raised the questions wether open
source is dependable enough to use in situations where a lot of money
and customers are involved and have suggested that we should be using
F5, Citrix or Cisco instead (for load balancer, firewall and content
inspection). Their concern is that those commercial tools would get
much more testing (by customers) in critical infrastructure than open
source would as open source is mostly used in less demanding places.

Basically, they are saying that everyone else is using commercial
tools and therefore we should, too.

Understandably you may not want to disclose too much information, but
does anyone know where LVS (or netfilter - OT in this list but
relevant for my personal case) is used in high-profile sites or
setups? Any concrete or anonymous examples or links to previous
similar discussions?

I tried interrogating google and mailing list archives but did not
find many examples to win this techincally irrelevant but emotionally
(for some people) important religious war. If there are a few good
examples, hopefully it will help me and anyone else facing similar
criticism in the future..

Siim

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


malcolm at loadbalancer

Nov 20, 2009, 5:55 AM

Post #2 of 10 (1245 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
2009/11/20 Siim Põder <siim [at] p6drad-teel>

> Hi
>
> I have a bit of a religious question: is LVS good enough to use in......
>


Siim,

Here at Loadbalancer.org we have several hundred customers using our
appliance which is based on LVS.

We have NEVER repeat NEVER had ANY issues with LVS, our customers include
large telecoms sites, massive advertising sites,
financial trading platforms, satellite communications et al.

Barracuda, Kemp and CAI WebMux also use LVS.

F5 & Coyote Point are FreeBSD based (F5 used to boot and install from a
FreeBSD OS on any PC hardware).

Try turning the question around, how likely is a commercial vendor to admit
that their is a bug/problem in their system?
How long will a commercial vendor take to fix said problem? Will they let
you see the code?
OpenSource systems are solid by design.

High availability comes down to design, planning , documentation &
implementation rather than what hardware vendor you use.

Having said all that F5, Citrix and CISCO are excellent systems and if you
can afford the cost and have the skills to run them then why not.....




--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


mangoo at wpkg

Nov 20, 2009, 6:03 AM

Post #3 of 10 (1248 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
Siim Põder wrote:
> Hi
>
> I have a bit of a religious question: is LVS good enough to use in
> "critical environments" (however you would feel like defining it)? We
> are currently using LVS as load balancer and netfilter as firewall in
> pretty much everywhere including several critical places (like PCI
> infrastructure) and in operations team are quite pleased with the
> functionality, performance and hackability.
>
> However, some conservatives have raised the questions wether open
> source is dependable enough to use in situations where a lot of money
> and customers are involved and have suggested that we should be using
> F5, Citrix or Cisco instead (for load balancer, firewall and content
> inspection). Their concern is that those commercial tools would get
> much more testing (by customers) in critical infrastructure than open
> source would as open source is mostly used in less demanding places.

I always though it's the other way around: less demanding places just
buy a Cisco router (or whatever other big name solution), run it with
pretty much default settings, as they don't have enough IT knowledge to
run their own, custom solution.

But yes, it's a "religious" question.

On the other hand, nobody was ever fired for buying solutions from Big
Vendor Inc., so I guess this is where your conservatives fit in, probably.


--
Tomasz Chmielewski
http://wpkg.org

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jay.faulkner at mailtrust

Nov 20, 2009, 6:35 AM

Post #4 of 10 (1240 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
> -----Original Message-----
> From: lvs-users-bounces [at] linuxvirtualserver [mailto:lvs-users-
> bounces [at] linuxvirtualserver] On Behalf Of Siim Põder
> Sent: Friday, November 20, 2009 8:42 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: [lvs-users] LVS vs commercial LB in critical environment
>
>
> I have a bit of a religious question: is LVS good enough to use in
> "critical environments" (however you would feel like defining it)? We
> are currently using LVS as load balancer and netfilter as firewall in
> pretty much everywhere including several critical places (like PCI
> infrastructure) and in operations team are quite pleased with the
> functionality, performance and hackability.
>

Siim,

I assure you that LVS is production quality. Just like any application, it has it's quirks, but so do commercial LBs. Paying for a load balancer just because it "seems like" it would be better is a fallacy. Everything has it's positives and negatives. LVS (via keepalived) is a huge part of the infrastructure I work on daily, and it's always been reliable.

If you have any specific concerns, please post them -- the generic "is open source good enough for production" question... I'm just surprised to still see it. Hasn't Apache, Linux, and other, almost standard open source technologies killed off that argument?

Jason Faulkner
Linux Engineer, Rackspace Email & Apps

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


gustavo at gustavo

Nov 20, 2009, 7:23 AM

Post #5 of 10 (1242 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
Siim,

I use LVS for more than 3 years now, distributing requests to 60 web
servers for airline companies B2C and B2B systems.
One of my directors is up for 795 days, load avareged 0%, handling 300
connections per real server and 40 Mbps os traffic constantly.

You cannot go wrong using lvs and keepalived for failover protection.
It is definitely one of the best piece of software I ever used.

Regards,

Gustavo Mateus


On Fri, Nov 20, 2009 at 12:35 PM, Jay Faulkner
<jay.faulkner [at] mailtrust> wrote:
>> -----Original Message-----
>> From: lvs-users-bounces [at] linuxvirtualserver [mailto:lvs-users-
>> bounces [at] linuxvirtualserver] On Behalf Of Siim Põder
>> Sent: Friday, November 20, 2009 8:42 AM
>> To: LinuxVirtualServer.org users mailing list.
>> Subject: [lvs-users] LVS vs commercial LB in critical environment
>>
>>
>> I have a bit of a religious question: is LVS good enough to use in
>> "critical environments" (however you would feel like defining it)? We
>> are currently using LVS as load balancer and netfilter as firewall in
>> pretty much everywhere including several critical places (like PCI
>> infrastructure) and in operations team are quite pleased with the
>> functionality, performance and hackability.
>>
>
> Siim,
>
> I assure you that LVS is production quality. Just like any application, it has it's quirks, but so do commercial LBs. Paying for a load balancer just because it "seems like" it would be better is a fallacy. Everything has it's positives and negatives. LVS (via keepalived) is a huge part of the infrastructure I work on daily, and it's always been reliable.
>
> If you have any specific concerns, please post them -- the generic "is open source good enough for production" question... I'm just surprised to still see it. Hasn't Apache, Linux, and other, almost standard open source technologies killed off that argument?
>
> Jason Faulkner
> Linux Engineer, Rackspace Email & Apps
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
> Send requests to lvs-users-request [at] LinuxVirtualServer
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
>

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jay.faulkner at mailtrust

Nov 20, 2009, 7:42 AM

Post #6 of 10 (1246 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
> -----Original Message-----
> From: lvs-users-bounces [at] linuxvirtualserver [mailto:lvs-users-
> bounces [at] linuxvirtualserver] On Behalf Of Gustavo Mateus
> Sent: Friday, November 20, 2009 10:23 AM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] LVS vs commercial LB in critical environment
>
> Siim,
>
> I use LVS for more than 3 years now, distributing requests to 60 web
> servers for airline companies B2C and B2B systems.
> One of my directors is up for 795 days, load avareged 0%, handling 300
> connections per real server and 40 Mbps os traffic constantly.
>
> You cannot go wrong using lvs and keepalived for failover protection.
> It is definitely one of the best piece of software I ever used.
>

Just as a note, we're load balancing a heck of a lot more connections per real server, and a bunch more bandwidth than this without any problem.

Jason Faulkner
Linux Engineer, Rackspace Email & Apps
jason.faulkner [at] rackspace
o: (540) 443-2101 (ex. 505-2101)


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


siim at p6drad-teel

Nov 20, 2009, 8:37 AM

Post #7 of 10 (1238 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
Hi

Jay Faulkner wrote:
> surprised to still see it. Hasn't Apache, Linux, and other, almost
> standard open source technologies killed off that argument?

Apparently not. As far as I understood:
1. commercial vendors have certifications
2. commercial vendors can be pressured to provide patches to problems
3. commercial vendors are used more often in critical envs and thus
better tested in environments similar to ours

1. is not a real argument, unless you are required by law to use
certified products. certification may prove something but lack of
certification certainly does not.
2 may very well be the other way around, the vendor may leave you
cleaning up their mess. there are probably more options of getting
problems resolved with open source products.
3 can hopefully be alleviated with a few examples (thanks for those).

Siim

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Nov 20, 2009, 8:49 AM

Post #8 of 10 (1238 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
On Fri, 20 Nov 2009, Siim Põder wrote:

> Basically, they are saying that everyone else is using
> commercial tools and therefore we should, too.

this is impossible to counter as there is no data in this
argument. The managers are saying that they're not going to
use technical considerations in the decision, but
unmeasurable fear. If you accept this as the basis for a
discussion, then you'll loose. I work in this sort of
environment and have lost every time I'm afraid and have had
to deal with crap software from vendors. The managers are
insulated from the folly of their decisions and the results
(not having to deal with or see any problems) have justified
their decisions.

The approach I would take is to present the number of
machines/packets you've processed and tell them the problems
(time lost) you've had. Ask them for numbers from actual
installations of the proprosed software/hardware (not the
marketing from the vendor).

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!


klausman at schwarzvogel

Nov 20, 2009, 9:05 AM

Post #9 of 10 (1239 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
Hi!

On Fri, 20 Nov 2009, Siim Põder wrote:
> > surprised to still see it. Hasn't Apache, Linux, and other, almost
> > standard open source technologies killed off that argument?
>
> Apparently not. As far as I understood:
> 1. commercial vendors have certifications
> 2. commercial vendors can be pressured to provide patches to problems
> 3. commercial vendors are used more often in critical envs and thus
> better tested in environments similar to ours
>
> 1. is not a real argument, unless you are required by law to use
> certified products. certification may prove something but lack of
> certification certainly does not.

We have passed PCI DSS certifications with 0 issues regarding the
load balancers. Nobody asked for vendor certifications on those.

We have also passed several other certifications. I don't
remember which, but there were several that the less technically
inclined people where very worried about. The question if our
load balancers and packet filters have some certification or not
never even came up.

> 2 may very well be the other way around, the vendor may leave you
> cleaning up their mess. there are probably more options of getting
> problems resolved with open source products.

Yes, with OSS you can simply hire a consultant to fix it for you
and he will not charge an arm and a leg (or you can just hire
somebody else). Vendor lock-in is nonexistant.

> 3 can hopefully be alleviated with a few examples (thanks for those).

We run around 200 server farms with close to 1500 realservers
without any issues. We look at commercial solutions from time to
time but we never have seen the kind of flexibility/hackability
that we have now (and depend upon).

The same goes for the packet filter/firewall are: we have several
packet filters with up to 35000 rules each, all based on
Netfilter/IPTables and a self-made configuration and management
infrastructure. A similar kind of setup based on (say)
Checkpoint's offerings would be several orders of magnitude more
expensive in licensing and training - not to mention having to do
everything the way the vendor thinks is right.

I see no reason to use a packetfilter that is not open source
based - except for small companies that can't afford the know-how
building (but then again, they could hire a consultant).

HTH,
Tobias

--
printk("whoops, seeking 0\n");
linux-2.6.6/drivers/block/swim3.c

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


sashi.kant at eng

Nov 20, 2009, 9:56 AM

Post #10 of 10 (1236 views)
Permalink
Re: [lvs-users] LVS vs commercial LB in critical environment [In reply to]
Hi Simm,

We use LVS in our Ad Serving & analytics platform, serving more than half a billion requests every day. We never had LVS specific issue in our environment. Just make sure you are using high end network card and switch on the hardware side. LVS will keep chugging along as your traffic grows. We use LVS in "direct server [DR] return mode".

Cheers
-Sashi

On Nov 20, 2009, at 5:41 AM, Siim Põder wrote:

> Hi
>
> I have a bit of a religious question: is LVS good enough to use in
> "critical environments" (however you would feel like defining it)? We
> are currently using LVS as load balancer and netfilter as firewall in
> pretty much everywhere including several critical places (like PCI
> infrastructure) and in operations team are quite pleased with the
> functionality, performance and hackability.
>
> However, some conservatives have raised the questions wether open
> source is dependable enough to use in situations where a lot of money
> and customers are involved and have suggested that we should be using
> F5, Citrix or Cisco instead (for load balancer, firewall and content
> inspection). Their concern is that those commercial tools would get
> much more testing (by customers) in critical infrastructure than open
> source would as open source is mostly used in less demanding places.
>
> Basically, they are saying that everyone else is using commercial
> tools and therefore we should, too.
>
> Understandably you may not want to disclose too much information, but
> does anyone know where LVS (or netfilter - OT in this list but
> relevant for my personal case) is used in high-profile sites or
> setups? Any concrete or anonymous examples or links to previous
> similar discussions?
>
> I tried interrogating google and mailing list archives but did not
> find many examples to win this techincally irrelevant but emotionally
> (for some people) important religious war. If there are a few good
> examples, hopefully it will help me and anyone else facing similar
> criticism in the future..
>
> Siim
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
> Send requests to lvs-users-request [at] LinuxVirtualServer
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

Linux Virtual Server users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.