Load Balancer Devices Disadvantages

osloboy
What are the main disadvantages of using load balancers like Cisco between/for 2 switches and two firewalls?

I.e., load balancer devices for network traffic manipulation.
 
The biggest disadvantage of any such device is that, as you wrote, you are manipulating network traffic.

One of the dangers of manipulating it is that any misconfiguration of your LB devices (whether for active or failover mode, protocol or session handling, addresses, load distribution) could result in no traffic whatsoever passing through the system.

The advantage, of course, is the ability to manipulate traffic with a high degree of flexibility throughout your server infrastructure.

It is very advisable to test your setup thoroughly before you put it into production - or immediately after going into production, to ensure that it will behave correctly during all instances of traffic loads and failure modes. I do not advocate "testing" on a live system, but unfortunately certain tests will only prove that the system works correctly, when it is in full action. Unless, of course, you have sufficient resources to build a second test system for the lab and to simulate your production setup there.

Author

Commented:
What is the MADE OFF purpose of Cisco load balancers, to be used with

web servers?
switches?
firewalls?

Load balancing device failover

Load balancing is often used to implement failover — the continuation of a service after the failure of one or more of its components. The components are monitored continually (e.g., web servers may be monitored by fetching known pages), and when one becomes non-responsive, the load balancer is informed and no longer sends traffic to it. And when a component comes back on line, the load balancer begins to route traffic to it again. For this to work, there must be at least one component in excess of the service's capacity. This is much less expensive and more flexible than failover approaches where a single "live" component is paired with a single "backup" component that takes over in the event of a failure. Some types of RAID systems can also utilize hot spare for a similar effect.
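
The monitoring behaviour described above, as an added example that is not part of the original thread and not any vendor's implementation: a pool that takes a member out after consecutive failed probes, puts it back after consecutive good ones, and checks the "one component in excess of capacity" rule. The `fall`/`rise` thresholds, member names, capacities and probe log are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Member:
    name: str
    capacity: int        # requests/sec the member can serve (assumed unit)
    healthy: bool = True
    streak: int = 0      # consecutive probes contradicting the current state

class Pool:
    def __init__(self, members, fall=3, rise=2):
        self.members = {m.name: m for m in members}
        self.fall, self.rise, self._rr = fall, rise, 0

    def record_probe(self, name, ok):
        """Feed one probe result; return 'down' or 'up' on a state change, else None."""
        m = self.members[name]
        if ok == m.healthy:          # probe agrees with current state: reset the streak
            m.streak = 0
            return None
        m.streak += 1
        if m.streak < (self.rise if ok else self.fall):
            return None              # not enough evidence yet, so one flap changes nothing
        m.healthy, m.streak = ok, 0
        return "up" if ok else "down"

    def active(self):
        return [m for m in self.members.values() if m.healthy]

    def pick(self):
        # Round-robin over healthy members only; an empty pool means a full outage.
        live = self.active()
        if not live:
            raise RuntimeError("no healthy members: all traffic would be dropped")
        self._rr += 1
        return live[self._rr % len(live)].name

    def survives_single_failure(self, peak_load):
        """N+1 check: is peak_load still covered after losing the largest healthy member?"""
        caps = sorted(m.capacity for m in self.active())
        return bool(caps) and sum(caps[:-1]) >= peak_load

# Constructed probe log: (member, probe succeeded?)
SAMPLE_PROBES = [("web2", False), ("web2", False), ("web2", True),   # flap, ignored
                 ("web2", False), ("web2", False), ("web2", False),  # real outage
                 ("web2", True), ("web2", True)]                     # recovery

def replay(pool, probes):
    """Apply probes in order and return the list of (member, state change) events."""
    return [(n, c) for n, ok in probes if (c := pool.record_probe(n, ok))]
```

With three 100 req/s members and a 200 req/s peak, the pool is N+1 only while all three are healthy; once `web2` is marked down, `survives_single_failure(200)` turns false, which is the condition worth alerting on.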

Author

Commented:
How then will a Cisco load balancer work with 2 switches?

How does it come to know the switch is down?

I am not fully understanding how your setup looks with 2 switches - where are the switches located?

Generally speaking, hardware failures can be detected in several ways:
- link failure: port goes down
- logical link failure: port no longer passes any traffic
- logical flow failure: port no longer passes traffic at a specific threshold
- logical protocol failure: specific protocols being monitored are no longer present or do not respond to service queries/requests

Depending on the devices involved, these options can be configured to suit your needs.

Author

Commented:
Have a look into this design I have received from a tech consultant.
Why in all the world should he want to use the Cisco LB (Load Balancer ACS 4700)?

His diagram is certainly interesting. However, since you are the client, I would press him for an explanation/description of his design, and reasons for his choices. He obviously has something in mind, which we are not aware of here. Perhaps your enterprise size dictates the use of multiple switches, load balancers?

I would have the following comments:
- There definitely seems to be an excess of switches in the diagram (he seems to front each perimeter firewall with one). There may not be a need to do this.
- Why so many perimeter firewalls? Are all of the DMZs in different physical locations which cannot be handled by a couple of firewalls? Are these just virtual instances?
- The core switches shown on the diagram may be able to accept an ACE blade inside of them (potential to coalesce multiple services into a single device).
- Do you already have multiple core switches, or are they something new?

I am trying to extract as much information as I can from this diagram, but I have no knowledge on your specific needs, nor your services, enterprise size, etc. Thus, please keep this in mind when reading my comments as well!

Author

Commented:
Try this one now, any Ring!!!!

Well, very simple use, few webservers which are connecting to APP and DB rest a normal corporate can have, 3

There is no reason why this would not work. Although the diagram bears no indication as to whether the switches, firewalls, load balancers are one device or many. I suspect they are multiples - but that's just an assumption.

Please keep in mind, that the current diagram as it stands is very conceptual - it shows very little detail on the actual implementation. In my opinion, you will still require routers (outside for handling your redundant internet connections), and on the inside to route all of the traffic between your DMZ regions or server pods.

Depending on the choice of core switch hardware, you could actually use 6500 switches as the base layer of your network and equip them with ACE blades and firewall (ASA) blades. It keeps the entire infrastructure compact, and easy to manage for failover (two identical devices!).

Looks like this is moving in the right direction for you.

Author

Commented:
You're right.

But can we use any other appropriate/feasible/alternative device instead of load balancers?

As explained above by @hollowkido, load balancers fit a very specific function of the network infrastructure. There are devices out there which combine some features of load balancers with things like routers and firewalls.

As soon as you start combining devices, you lose some flexibility and features. I do not believe (other experts may correct me on this one) that any devices exist out there which do it "all in one" as well as any standalone products.

Depending on whether the services you are offering run on Microsoft software, their load balancing solutions do work quite well. External applications, or servers (Unix, IBM z/OS) would not be serviced well by this kind of solution.

If you need to save costs, you could always rely on some open-source solutions. I believe that Linux solutions exist, and have been proven in the field for some time. This article is very old, but might give you some thoughts on how to attack your problem from a different standpoint:

http://www.linux.com/archive/articles/46735

Author

Commented:
ok
