Steffo's Echolot


Only technical stuff here.
Thursday Mar 22, 2007

The need for virtualization on Load Balancers

Surprisingly many (big) companies still don't use load-balancing switches (LBs). I am talking about hardware boxes like Alteon, Foundry, Nauticus. Those that use LBs use them in mission-critical environments. If any of these companies plans to roll out a new project that could benefit from a load-balanced network environment, they're instantly in a big discussion with the people who operate these boxes.

Since these boxes are mission-critical, configuration changes require a lot of discussion. This is especially true if you want to convince these people to use configurations they've never used before (e.g. proxy IP addresses). The end of the game:

  • a lot of discussions about what to configure and why it is needed
  • an unplanned outage of the mission-critical service (maybe)
  • dropping the hardware load-balancing for the new project and using a software LB solution

It would be easier to buy a separate load-balancer for each project. But then: costs, costs, costs. A load-balancer with appropriate features is not a cheap thing: 10-20K EUR per box, at least 2 boxes (high availability), three environments (development, integration, production), which comes to 60-120K EUR per project/application.

So what's the alternative: discussions or cheap software solutions? Well, the cheap software solutions I saw (I'm not talking about Resonate here, I'm talking about things like BEA's LB plugin, DNS round-robin etc.) don't take you that far. Load-balancing is a network thing, a hardware thing (you don't use multi-homed PCs for L3 routing, do you?).

Discussions? The average time spent on discussions about how to configure the load-balancer without affecting the other applications is 5-10 days (you, the network guy plus some project manager). Yes, that's 5-15K EUR per project. Assume you have 3-5 projects on your LB infrastructure: that's 15-75K EUR spent on discussions. Plus the amount that is caused by the unplanned outage (maybe not of the production system, but non-availability of the integration system can also cost money). So in total: 5-80K EUR.

That money could be saved if the network guy could easily be assured that the new configuration won't harm his existing one. That's what virtualization can do for you (and for him). Every project gets its own sandbox on one LB platform.

Comments:

I don't know about you, but I face none of these problems in my environment. We have a pair of old Foundry ServerIron XL/16's (they stopped making the /8's at the time). Each has exactly 2 network cables running out of them. One interface handles our production traffic, the other is dot1q tagged to deal with anything else we want to do. From this one system (pair), we run about 30-40 VIPs with 0 problems. The pair acts in an HA scenario, and changes are a snap. Bringing new stuff up is a cakewalk (using the cli, we rarely touch the gui), and we just make sure that there are two folks watching for any changes :-) Total cost was about $10K USD each a few years back. Now, here is the dirty little secret: By using DSR (Direct server return), we can go Active/Active and deal with a ton of traffic. Since the return packets never go through the foundry, we can get away with running only two 100MBps ports off of the thing. (web server traffic is very asymmetrical, one little request can bring a flood of data). This lets us avoid all of the bigger systems (don't need the throughput or ports) and by running DSR we no longer need to put the servers between the LBs and users. Nice, eh? :-) We still use virtualization, but only in places where the application does not allow for N number of systems to spread the load (think databases).

Posted by John on March 22, 2007 at 03:24 AM CET #

John, my point was rather: if your company plans to introduce a new system (say some multi-tier business app), will you allow the people who do the integration access to your Foundry box? It's not only that a new application can cause additional load on the switch (that'll always be the case). It's that new projects demand a substantial change of the LB config. Are you willing to introduce new configs (e.g. Proxy IPs) on your box only because the integrator asks for it? If yes, you're definitely exceptional. Each project would like to have its own LB to configure what they want. Since this is too expensive, it would be nice to have a virtualization layer on a switch which is hopefully cheaper than a separate box and which allows each project to configure what they want.

Posted by Steffo on March 22, 2007 at 07:47 AM CET #
