Hardware load balancing

[N11]

Are there any good solutions for small scale hardware load balancing for 2-4 servers?

I've been through specs on Coyote, alteon, lucent, 3com, cisco equipment but everything appears to be for 8+ server environments. The least expensive appeared to be a coyote solution, for 8 servers and cost approximately $4,200.

Are there any other effective hardware solutions for smaller scale situations?

 

[Garion]

There are a variety of hardware solutions, most of which will probably be too much for you, if $4200 is expensive. That leave a software solution. There's a large variety of Linux-based load balancing solutions out there. I seem to recall that that Anandtech is actually run on one. Build yourself a couple of $1,000 Linux boxes and you're set.

If you want to go hardware, I'm a big fan of F5 gear. It's got some very cool features that nobody else has and they are coming out with a delegated administration piece in the next few months that should gain them a lot more acceptance into corporate america. Of course, I paid about $35K for my last pair of F5's, so it's not a cheap solution. Well worth it if you can afford it!

- G

 

[N11]

Garion,

Thank you for the information. $4,200 is relatively expensive when only 2 medium end servers are to be balanced. The goal in mind is to have a stable balancing solution between 2, at most 4 cpu intensive servers. Both serving an ASP application with communication to an SQL backend.

Redundancy and reliability being paramount, a $5,000-$10,000 device isn't out of the question. I see that there are some very nice solutions in the $10,000 price range. I was hoping for a hardware based device for this situation but perhaps software is the way to go.

What I was curious on is the type of solution primarily used for smaller scale environments? Most of these lower end hardware balancers seem to support at a minimum 8 servers, leading me to believe there is a different answer for a 2-4 server environment.

I noticed anandtech uses a pogolinux solution but they are not specific as to the software being utilized.

 

[Garion]

Load balancing is one of those hard-to-put-a-value-to solutions. I've got a pair of F5's that just load balance two proxy servers. Of course, that solution serves 30,000 staff. If it failed, we'd have major business impacts and costs would run in the ~$50,000 per hour. Compared to that, $35K is cheap.

One suggestion - Don't let the technology drive the solution. Find the business drivers and see how much they warrant spending. If your cost of downtime is $10K/hr, $4.2K is cheap, since you're GOING to have a failure on a server, guaranteed.

Load balancers are more focused on total throughput and capacity rather than number of servers. I've got another pair of F5's that are load balancing three proxies, one of which has 600Mb/s+ capacity. (I only have 90Mb/s to the Internet, so it's pretty much idle, but that's not the point!).

If you can meet your needs with a pair of linux boxes, then go for it. It's cheap and it will work fine.

- G

 

[N11]

One suggestion - Don't let the technology drive the solution. Find the business drivers and see how much they warrant spending. If your cost of downtime is $10K/hr, $4.2K is cheap, since you're GOING to have a failure on a server, guaranteed.

This is probably the most valuable advice I've heard in the past year.

If anyone else is reading this thread, this is worth its weight in gold.

Thank you for the insight! Thank you very much.

 

[n0cmonkey]

<< One suggestion - Don't let the technology drive the solution. Find the business drivers and see how much they warrant spending. If your cost of downtime is $10K/hr, $4.2K is cheap, since you're GOING to have a failure on a server, guaranteed.

This is probably the most valuable advice I've heard in the past year.

If anyone else is reading this thread, this is worth its weight in gold.

Thank you for the insight! Thank you very much. >>



Want to know the scary part? That piece of advice is important for almost *EVERY* aspect of the computer world. Its a big topic in IDS books too.

 

[N11]

<<

<< One suggestion - Don't let the technology drive the solution. Find the business drivers and see how much they warrant spending. If your cost of downtime is $10K/hr, $4.2K is cheap, since you're GOING to have a failure on a server, guaranteed.

This is probably the most valuable advice I've heard in the past year.

If anyone else is reading this thread, this is worth its weight in gold.

Thank you for the insight! Thank you very much. >>



Want to know the scary part? That piece of advice is important for almost *EVERY* aspect of the computer world. Its a big topic in IDS books too. >>



Sometimes reality takes a back seat to technological intuition. I've been too engrossed in reading and research and needed this kick in the pants reminder.

Cheers

 

[Buddha Bart]

anandtech uses software called LVS (www.linuxvirtualserver.org).
To set it up raw on your own is a horking pain in the ass.
fortunately companies have built instalation/configuration tools around it, such as redhat's Piranha (and a whole host of other things to help you out).

If you don't mind me asking, I noticed in your sig and name you reference a hosting company. Does your post imply that the servers there are not load balanced currently?

bart

 

[N11]

If you don't mind me asking, I noticed in your sig and name you reference a hosting company. Does your post imply that the servers there are not load balanced currently?

bart

Our model is such that servers in our network are independently managed and dealt with -- primary factor being the nature of industry wide GUI/software management utilities, that like many medium to larger scale hosts, we utilize.

It's a relatively complex business and for the most part on the shared, semi-dedicated and dedicated levels is not what a typical outsider would expect. We, as a result, have mechanisms in place allowing us to accomodate the type of infrastructure required in regards to both uptime and security.

 

[N11]

I forgot to actually answer your question. The answer is yes and no. On the network level which I am not involved with, yes. On the server level, picture a theoretical scenario with 25 servers, each housing unique shared accounts. Servers being accumulated and deployed in the network on an as need basis. Each server represents a point of failure for all users residing on the particular box, not however, representing a point of failure for the other 24. The servers are each independently managed.

On the server level redundancy is premised on nightly backups per server, and a situation where the 150-200 users on one server are not a point of failure for the 150-200 on the other 24.

It's an interesting industry. I try to learn something everyday.

 

[Garion]

In that case.. Why don't you buy a big load balancer and spread each account out across two boxes? Your end traffic and server requirements would be the same, you'd just have redundancy. Only catch would be managing the distribution of users' websites. They would have to upload them to two servers or you'd have to have something in place to replicate the site from a primary box to a secondary box.

- G

 

[Buddha Bart]

that whole replication thing is actually quite a pain. where I work we wound up seting up a publish script that used rsync to keep the multiple copies in sync. But you could never expect end users in the cheap-hosting market to learn a publish script setup.

N11: so i guess you guys keep a hot-spare server (or two) around and restore to that when a live machine eats it?

bart

 

[Qtech]

As N11 said, it's really a unique infrastructure. If we took your idea and got a "big load balancer" (which is something we have pondered before, even at a larger level) it would cause more problems than a simple publish script could fix. Consider a typical server, which houses a client's website, mail, and databases. Using some sort of a script or having our clients upload their site to two different servers may work for keeping the website files itself in sync. Although I doubt we would get any clients with such a system, as what a majority of the people that host with us are looking for is a very easy, intuitive way to manage their domains. Having to learn that we are behind a load balancer and they have to upload their files to two places would not keep with that model. You then have the problem with mail and databases. If you consider that mail would also have to be synchronized between the two servers, as well as databases (consider someone running a forum such as this) then it begins to be highly impractical to try to spread out the load on a server to increase redundancy. Another problem I see with that solution is then you have a single point of failure for all of the servers - if the load balancer goes then ALL the clients are screwed. This means you have to have a backup for the load balancer (which I have no idea how much would cost, you mention $35,000 for a pair) and it begins to become even more impractical for hosting the client who is paying $9/mo.

To answers Buddha's question: Yes we do have a hot server (or two depending on how fast they are filling up and being put online) for when a machine goes down.

 

[Buddha Bart]

nifty, i've always been kinda curios how hosting places run thier setups.

Do you guys use single vendor hardware, or build your own like rackspace?

Also, how do you keep PHP scripts from reading other users directories, and things inside thier scripts like database passwords and whatnot?

(at this point i think its pretty obvious i'm thinking about subscribing)

bart

 

[Qtech]

We custom build our own servers at Network Eleven.

In order to keep PHP scripts from reading files from other user's directories we use a configuration option in PHP called open_basedir. This limits the scope in which a PHP file owned by that user can access files. For instance, if someone tried to do:

$foo = file('/etc/passwd');

inside one of their scripts they would get an error message such as:

Warning: open_basedir restriction in effect. File is in wrong directory. in /home/username/scriptname.php on line x

This same concept applies to trying to open a file from /home/someuser/public_html/dbpwd.php and applies to all of the functions that deal with file access.

 

[Buddha Bart]

hmm... drat. That works when everyone has thier own virtual host, but not what i need (same host, just /~blah accounts)

bart

 

[N11]

<< hmm... drat. That works when everyone has thier own virtual host, but not what i need (same host, just /~blah accounts)

bart >>



Qtech would be better suited to follow up here, but for ~blah accounts what would come to my mind would be the utilization of subdomains, since we offer an unlimited amount of those and protection is mounted for all subdomains since they are in essence treated like VDs.

I'll let Qtech follow up on this though since he has in depth experience with this.

 

[Qtech]

Subdomains could work here. By utilizing the open_basedir tag pointing to '/home/username/public_html/subdomain/' it could restrict the files inside that subdomain from opening up any files on the server that do not reside in that directory. We currently do not implement it as such because it causes problems for clients who utilize subdomains but still point to files outside of that directory (such as using /home/username/public_html/include as a global directory for storing all included files). It would require some manual setup.

 

[PeeluckyDuckee]

interesting read, although much of this discussion is over my head. With these hardware load balancers you folks speak about, is it platform dependent? Is it similar to anything like software clustering in W2K AS?

I'm curious as to an specific example of such hardware load balancers. A link to one perhaps? Never heard of such an existence. (MS) Networking and administration I know *very very little* about, but its the business use high-end hardware that I don't have a clue about and an area I would like to know more about.

Plucky

 

[Garion]

Sure. The F5 BigIP is one of the most popular.

- G

 

[ianster]

Network Eleven guys:

You guys have a very cool web manager for your hosting site. Kudos!

-Ian Neubert

 

[bigboi]

wow, i register today and i stumble right into a thread that touches on something i'm reviewing for work . . . load balancing/fault tolerance for our internet connection. in fact the BigIP from F5 is one of the devices under consideration. the other 2 pieces of hardware that are under consideration are the LinkProof by radware and the FatPipe Xtreme by FatPipe.

unfortunately the person who was handed this project gives very little useful info in their write up. they provide a paragraph on each manufacturer which looks like it's prolly ripped from their "who are we?" page. then there's a bulleted list of the hardware's specs again ripped from the manufacturer's web site. where's the eval of each manufacturer's tech support, reliability and stability? where's the network throughput benchmarks? i'm just a low man on the totem pole so i don't have much input on this, but it concerns me that we are getting ready to spend around $13K to start and then ~$1250 every month for the additional ISP service.

anyway, very interesting read here guys. i should've registered sooner.

peace,
big daddy fatsacks

 

[me19562]

U can check this, maybe works for ur needs
hp e-commerce server accelerator sa7100 is a hardware-based ssl accelerator appliance, offloads up to 200 ssl transactions

 

[Garion]

BigBoi, a few comments...

Do you really need to buy hardware to load balance your Internet connections? Granted, they do a great job of it, but BGP is the tried-and-true way to go. If you get it done right, you can load the entire routing table of your two ISP's into your routers and let them deal with what goes where. It's generally a bit better than just weighted load balancing, as you know you're taking the shortest possible route to the networks. Of course, this assumes that you're using big ISP's - For example, we have multiple DS3's to Sprint and UUNet, who have a large chunk of the Intenret in their routing table.

That being said.. If you do go the hardware route, I always liked F5 products. They make good stuff. The Link Controller is, however VERY new. It does use a lot of the F5 basics - Load balancing and 3DNS. I've had some very questionable experiences with F5 support on their new and lesser-known products.

I've never dug into Radware, but I've generally heard good things about their products.

If it was me, however, I think it would be a very easy decision to go with the FatPipe gear. This is ALL they do and they've been doing it for a couple of years. I talked to them a few times and was quite impressed. It didn't scale to what we needed, but if I needed Fractional DS3 or less, I'd definitley be using their products.

- G

 

[bigboi]

the only thing mentioned in this write-up about BGP is that they want to avoid using it because it is very complicated. i think the hardware thing is just the easy way to go. that is not to say that it is still not an option though. there is a small section in here that shows what the cost of a new/more robust cisco router would cost and i'm guessing that the BGP implementation would be used with this new router. to tell the truth though there is no real mention of the pros and cons of using BGP or even that it is what we would use in the "new router plan." like i said, this document seems rather inadequate to me. maybe these are things that have been discussed in meetings i've not been privy to, but i'm not sure.

all i know is that this formal write-up of the 4 different plans we could take to get a second ISP and load balance the connections leaves me with more questions than answers.

peace,
big boi