NANOG 40 agenda posted
Matt Peterson
matt at peterson.org
Tue Jun 5 09:24:21 UTC 2007
> or is the problem simply that there isn't a port or pkg or rpm of proxynet,
> and in spite of being 12 years old, nobody but me runs anything like it? (so,
> this boils down to, are folks only using proxies on outbound, still, in 2007?)
> ((and did you think squid was your only inbound proxying option?))

As someone who has used both the appliance route (ie: Foundry
ServerIron or F5 BigIP) and nix box (ie: pound or OpenBSD's
hoststated), they each have their advantages/disadvantages as Joe
kindly points out. Cost comes down as a factor normally.. spend 10
hours tweaking the perfect MythTV box or an hour @ Fry's to buy a
TiVo - weigh your own time against your wallet.

I find that the appliance route still has a number of major advantages
for "serious" or enterprise use - SNMP agent (graph # of connections
per VIP), failover (though CARP fixes this in the OpenBSD land),
fancy healthchecks (developers aren't always clueful enough to code
errors in the form of HTTP codes), security features (limit req/sec
based on a cookie, CIDR or some other metric), etc. Ironically, in
the 10gig range, the available products to do L7 traffic fudging are
limited and quite costly - a lot of folks with lots of bits to push
(I do video) tend to take the "Direct Server Return"/nPath/etc
route. Appliances tend to have support contracts and that allows the
suits to sleep at night too.

--Matt