F5 Fires Back On Open Source SSL Accelerator 120
Random Feature writes "In response to Build an Open Source SSL Accelerator, in which o3 magazine detailed how to build a solution comparable to an F5 BIG-IP 6900 on the cheap, F5 Fires Back claiming it's not as cheap as it appears and pointing out the potential performance implications of a 'cobbled together set of components designed to mimic similar functionality.' The discussion on the performance of the Open Source solution based on Opteron RSA operation processing capabilities brings into question the validity of the 'more SSL TPS for cheaper' argument presented by o3."
Less expensive alternatives to F5.... (Score:1)
Try protobalance.com
Re: (Score:1)
http://kemptechnologies.com/ [kemptechnologies.com]
Happy customer.
Re: (Score:2)
'cobbled together set of components designed to mimic similar functionality.'
And in certain cases do a pretty darn good job of it. Just don't expect us to be there 24/7, since the developers might be in a different time zone.
Re: (Score:2)
But, if you had a few developers spread out (say Europe, USA, and Japan) in enough time zones, you could have 24/7 support.
Justifying the Price Tag, nothing more... (Score:5, Insightful)
Finally, someone who isn't a raisin sack aptly describes all of FOSS: 'cobbled together set of components designed to mimic similar functionality.'
Ah, FOSS may be cobbled together at times, and it also may be as polished and clean as many commercial apps, but it still does not erase the bottom line that F5 is still charging an asinine amount of money for their hardware. And in this economy, the financial bottom line tends to speak volumes over F5 coming out and trying to justify their price tag with a weak "yeah, but yours sucks" argument.
This reminds me of my first time opening up the lid on a $30,000 Nokia Firewall-1 rack-mount firewall "appliance". They wanted to sell me a $2000 "upgrade". When I slid the mobo out of the fancy chassis, I found I was staring at a generic Intel mobo with a slot-1 celeron proc and 64MB of SDRAM. I then found out that the $2000 "upgrade" was merely a Pentium Proc and 256MB SDRAM stick. Needless to say, I've been rather tainted with justification for commercial hardware.
Re: (Score:2)
But a lower cost open source accelerator might well do so. Offloading the RSA operations to a server farm makes excellent sense. But what might well make a lot more sense is to find a way to use graphics processor cards as SSL accelerators. They are not purpose designed but they are made in vast volume and contain all the parts for a vector processor machine.
A machine that sells a thousand units a year is going to be a
SSL on a USB keychain device? (Score:2)
Is there any reason you couldn't put an SSL accelerator on a USB device? Lots of servers have a ton of unused USB ports sitting around. If you could make it USB, you wouldn't have to rip open the web server/reverse proxy server to install it. Sure somebody might walk off with the device, but if you can mitigate that somehow, is there anything technically wrong with the idea?
Re: (Score:1)
Re: (Score:2)
USB is slow, and is CPU dependent. What you gain in offloading the ssl to an usb device you would lose a decent chunk of to USB overhead. USB is the redheaded step-child of the server world for a reason.
Re:Justifying the Price Tag, nothing more... (Score:4, Interesting)
But what might well make a lot more sense is to find a way to use graphics processor cards as SSL accelerators.
Stick a GTX250 in your server and use a CUDA enabled RSA codec and you're set.
Re: (Score:2)
Re: (Score:1)
How would an accel. save you a dime on certificates?
Re: (Score:1)
Technically you only need one (pair) of real certs since your servers won't be talking SSL to browsers.
How that translates into ROI is between you, your 0 or more diet[y|ies], and your CA...
Re: (Score:1)
I don't understand your argument. You want to say that the vendor used off the shelf components and imply that for this reason the application wasn't worthy of the costs? In reality the hardware is a very small cost compared to the application development and maintenance. I'm so happy that vendors have been steadily moving to commodity hardware since I date back to years when special built hardware was the norm and it was an enormous cost.
Re: (Score:2)
I think he was more miffed about being asked to shell out $2000 for about $300 of components.
It's better than the rates that IBM used to charge to send an engineer to snip a single wire link, but not much better.
Re: (Score:1)
I would feel its less of an issue when there arent licensing restrictions that prevent you from doing the hardware upgrade yourself, and it would be excellent if NAS | Firewall | router | etc vendors were willing to sell you support and a bootable flash card co
Re: (Score:2)
A lot of these vendors nowadays use not only commodity hardware, but rebranded OSS software on top of it...
How many of these appliances are based on Linux or BSD?
A lot are also based on quite old versions, and the vendor specific updates tend to trickle down a lot slower than upstream patches do...
Quite often you just don't get value for money at all, you receive commodity hardware and free software and pay a premium for it.
Re: (Score:2)
How many of these appliances are based on Linux or BSD?
Well, ironically (and yet apropos at the same time), F5 BIG-IP products [wikipedia.org]. (Currently, Linux; in an earlier incarnation, they ran BSDi; the organization I worked for had a few of these installed at that time.)
I hate to say aynthing in defense of F5, but: (Score:2)
> F5 is still charging an asinine amount of money for their hardware
Actually, you are paying for the software. Plus support. documentation, etc, that is generally OK. If your IT staff is an army of untrained contractors and support contract administrators it is probably worth it.
But then in a past job I had to stand at attention in front of the CEO and answer the question "WHY THE FUCK DO WE HAVE THESE F5 DEVICES?", and "Because our CIO likes them?" is not really a good answer in a situation like that. S
Re: (Score:2)
The only real difference between FOS and commercial software, from a purely business point of view, is the support available.
With commercial software you get masses of marketing bullshit and a hotline to India if anything goes wrong. With FOS you get to choose your own support people, quicker fixes for security problems and the option to pay someone to add any feature you like.
Unfortunately, the latter transfers responsibility on to management who can no longer just blame the vendor. It's harder to purchase
Re: (Score:2)
A lot of commercial appliances these days are also a bundle of OSS code with a fancy frontend slapped on top and as you pointed out, installed on bargain basement hardware.
Some of these companies are up front about it, and you're paying for the support package... Others actually try to hide the true nature of their appliances.
Re:Win (Score:5, Insightful)
'Cobbled Together' describes most proprietary development as well.
Re:Win (Score:5, Insightful)
Re:Win (Score:5, Interesting)
It is even worse than that I am afraid.
Most commercial products do not even have a dividing line between "cobbled" and "polished" now days.
How many different commercial off the shelf Wireless AP's now days come with "cobbled" open source software?
I do not mind paying for software, I do. I just do not like companies that rip off the open source community, then whine and complain when their proprietary code is leaked to the net and it is a crime along with prison and fines, if you touch our code. Apparently you can do anything you like with GNU software.
I want to see Cisco execs in jail like the Pirate Bay people. Unlike the Pirate Bay people though they are actively making a direct profit from breaking the law.
5 years in the pen along with 50 Million put in a trust to start and fund more open source projects. Preferably building open wireless drivers for more cards.
http://www.guardian.co.uk/technology/blog/2008/dec/12/cisco-fsf-opensource [guardian.co.uk]
-Hack
Re: (Score:2)
The code used in Linksys routers is available for download. How is Cisco breaking the law?
Re: (Score:2)
I did read it. It's all to do with Linksys, which was a Cisco acquisition, and the source has been available for ages. So I'm not sure what the FSF is complaining about - unfortunately, there are no specifics given.
Re: (Score:1)
It isn't hard to imagine that the FSF is suing because only some of "the source has been available for ages" or maybe Cisco's been adding restriction beyond the GPL to the source code that they do distribute. I bet google could tell you this in about 60 seconds.
Re: (Score:2)
I happen to know that code rather well, and it's all there, at least for the routers. Cisco hasn't added anything they haven't released. The existing complaints that I know of (and the ones Google turns up) mostly have to do with build scripts, as what you download can be annoying to build. And it's true that they can be slow to release source when new firmware comes out, but they always do in the end.
Anyway, the poster above that I initially responded to implied that Cisco has released nothing (false), and
Re: (Score:2)
I happen to know that code rather well, and it's all there, at least for the routers.
b) Defendant was again distributing a new version of QuickVPN without providing correspond-
ing source code;
c) Defendant was distributing executable copies of GCC, Binutils, and GDB in conjunction
with the Firmware for several of its products (including the WAP440N, WMA11B, WVC54G,
WVC54GC, WRV200, WAG300N, and EFG120/EFG250) without providing the correspond-
ing source code to these Programs.
http://www.fsf.org/licensing/complaint-2008-12-11.pdf [fsf.org]
Re: (Score:2)
I do not mind paying for software, I do. I just do not like companies that rip off the open source community, then whine and complain when their proprietary code is leaked to the net and it is a crime along with prison and fines, if you touch our code. Apparently you can do anything you like with GNU software.
No, you have to follow the terms of the license that the creators voluntarily agreed to.
I want to see Cisco execs in jail like the Pirate Bay people.
Did they violate the terms of the GPL. I see their source code posted, so I don't think so ....
Re: (Score:1)
Did they violate the terms of the GPL. I see their source code posted, so I don't think so ....
Looks like the FSF disagrees with you since they filed suit against cisco and the article was posted only a few months ago.
Re: (Score:3, Insightful)
'cobbled together set of components designed to mimic similar functionality.'
http://en.wikipedia.org/wiki/Object-oriented_programming [wikipedia.org]
Re: (Score:2)
Have you seen non-free code? FOSS may be a cobbled together mess but the vast majority of non-free code is much worse.
Re: (Score:2)
The messiest FOSS code i have seen, is where a commercial product has been opened up... Quite often it takes several months of OSS development before the mess can even be compiled - proprietary code tends not to have configure scripts or similar, and is nastily kludged to build in a particular unchanging environment.
Re: (Score:2)
Very true. It's often not portable at all. Which is why you'll see a lot of 'Enterprise' software that only runs on a single platform whereas my free open source programs run on all flavors of Windows, OS X, Linux, BSD, AIX, etc. Give me FOSS any day over proprietary crapware.
Got news for ya pal (Score:3, Insightful)
Everything made today is a "cobbled together set of components." The chips come from Taiwan or Korea or Germany, the plastic from China, the metal from the USA or pretty much anywhere else...you name it. That's why we have standards - so you can replace one part with another.
The difference is in the quality of the cobbling.
And the final proof is in dollars per something-or-other, engineering aside. In this case SSL throughput. Let's see some benchmarks and let's see some dollar signs. Then we'll d
How is that different from F5? (Score:2, Interesting)
The F5 load balancers we have (admittedly not the newest) are just standard ATX & PCI off the shelf products and BSD.
Re: (Score:2, Insightful)
And custom software and encryption accelerator cards.
Re:How is that different from F5? (Score:5, Funny)
Re: (Score:2)
We used to cobble together SSL Accelerators from womp rats back home, and they're not much less scalable than a BIG IP-6900.
Re: (Score:2)
Linux, now. Formerly BSDi BSD/OS, but Wind River Systems bought out BSDi in 2001 and pretty much EOL'd BSD/OS by 2004.
Linky [wikipedia.org]
Re: (Score:1)
They're two generations old.
The generation after that ran Linux (they dropped BSD) on a server motherboard and a Broadcom switchplane at the front to do the simple stuff.
I've not seen inside the latest generation but I'm told they use a completely custom-fabricated motherboard which integrates the two parts. These still run Linux. Both use SSL accelerator chips.
That said, the hardware is only a small part of what you're paying for, you're also paying for the TMOS operating system, administration interface,
Shill (Score:2, Interesting)
Shilling much?
Re: (Score:2, Troll)
The parent has a point; this response is not only predictable, but precisely the same kind of FUD [slashdot.org] used to sell closed-source products. The difference is that since the F5 is made up of the same stuff that you can roll yourself, it's even less warranted.
Re: (Score:2, Troll)
you know your a shill when:
*Page served on aspx
*You make lists that contain just 2 valid criticisms then bloat it out to 5 with shillness
* TCP connection setup and teardown processing
* Inspection of application data (layer 7 inspection is rarely computationally inexpensive)
* Execution of functionality (caching, security, acceleration, etcâ¦) [does their software magically do these without executing the different operations]
* Transfer of data between proxies (when deployed on the same device this is minimized) [A way of doing it, which is impossible to do with their stack, vs a way both systems can be deployed]
* Multiple log files [cat log1 log2 log3 log4 > logALL too much? I'm sure many loggers could make it even simpler and that's assuming you don't prefer separate log files, for separate steps in the operation]
*You use very artificial scenarios to make your point:
In situations where images are being delivered over a LAN, for example, this will not provide any significant performance benefit and in fact will likely degrade performance.
would you really need ssl acceleration for your lan? would it really be the same one you use for web serving?
He also claims it's impossible to secure a Linux box against ARP poisoning and DoS attacks, which is a shame because in amongst the shilling there are some good points.
Re: (Score:2)
Re: (Score:3)
Yes, usually $30k or more in difference.
Re: (Score:1)
It's the margin on selling things to people who should know their job better.
CHAINING PROXIES vs INTEGRATED SOLUTIONS (Score:4, Insightful)
I'm a huge fan of chaining proxies, one program doing one thing then passing it on to the next, for the security, compatibility & debugging (contrary to what TFA say's you can check the pieces of a chain, but with an integrated solution you can't) benefits. The article does however raise a good point, the integrated solutions will have better performance:
# TCP connection setup and teardown processing
# Inspection of application data (layer 7 inspection is rarely computationally inexpensive)
Which means you'd have to consider the options carefully when looking for an accelerator
Re: (Score:2)
While these "integrated solutions" do have some value inherent in the integration and support, many of them are based on commodity hardware and free software and are massively overpriced... The vendors selling these things don't want people to realise their true value, as it will significantly reduce their profit margins.
Why (Score:2)
Re: (Score:1, Insightful)
Because a lot of us in the technology industry will read /. and investigate the technologies discussed. F5 had to respond in order to provide a counterclaim. You can't let something like the aforementioned article go without response, especially on a forum that will be frequented by those who have a chance of understanding what they or O3 magazine was talking about in the first place.
Rejoice, for /. == 1337
Re: (Score:1, Flamebait)
Maybe because the "general mood on Slashdot" is completely and utterly irrelevant to people who might be interested in such a solution?
Common response (Score:4, Interesting)
I say this after coming out of a meeting where a large Rube Goldberg system of Java tools was presented as the best solution to a high-volume ETL problem that has particular performance and distribution requirements. The resemblance is uncanny.
I'm all for not reinventing the wheel, but if that's what is required, then just do it.
Re: (Score:3, Insightful)
If you have the experience with Linux based fail over solutions and apache or nginx to pull this off, more power to you. Go ahead and save some bucks, but make sure you test the heck out of it first, and have a plan for updates and failures.
If not, the money you would save is probably not worth the potential downtime you could experience.
Big iron boxes have big iron price tags, and you can almost always hack together something cheaper. The question is how much more reliable, easy to configure, and easy to
Re: (Score:2)
I don't think it is much different, in the "test the heck out of it", etc. It is more can your company afford to internalize the risk, and does your contract with the vendor reduce that. And can you afford the extra time required to DIY. Regardless the solution, you better test the heck out of it if you can't afford the downtime. In times like these it is often more of a, if you can't afford the big iron, then do what you can afford. for example, that is why I went to a (unrelated to the discussion at
Re: (Score:2)
What these big vendors don't want, is for smaller companies with capable staff creating their own massively cheaper appliances... This will force the big vendors to bring their prices back down to more realistic levels. A lot of these companies are very top heavy, and would experience significant pain if they had to operate on a less extortionate profit margin or against competition.
Re: (Score:2)
Big iron boxes have big iron price tags, and you can almost always hack together something cheaper. The question is how much more reliable, easy to configure, and easy to upgrade is the big iron? In most organizations, buying equipment is cheaper in the long run then buying experience and maintenance for a home grown solution.
Yes, but big iron boxes are just boxes. They might have special hardware optimized to do what they do, but it just might also be cheaper to DIY. Case in point - EMC Celerra: It is basicly a Redhat with custom management software (with nice but quite expensive hardware). Doing the same thing homegrown (iSCSI + NAS-gui) can be cheaper and you can even have more features. You can buy a support contract and you have a clear upgrade path, and there are propably contractors willing to work for you even if you can
Re: (Score:3, Informative)
The Apache reverse proxy was more of a security meas
Re: (Score:1)
...my setup isn't designed to accommodate the load discussed in this article...
Color me surprised. If your solution can't play in the big leagues that an F5 is aiming at, then what are you bragging about?
An F5 isn't aimed at the problem you solved (at least not at that small a scale). It's intended for high-traffic, bandwidth-intensive applications and sites. Did you post to confirm the premise of the article? If so, I totally missed that, what with the way text often fails to convey tone.
Re: (Score:3, Interesting)
If you'd like more info on Apache HA, I'd start here:
http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html [apache.org]
You also
Re: (Score:2)
Why did you cut off the ", but it does just that." part?
Re: (Score:1)
Large volume ETL problem (Score:2)
Interesting. We use perl scripts and Pentaho to do VERY high volume ETL. One could argue it's a bit Rube Goldberg, but it also works without a hitch, and software cost us $0.
You must be smart when buying these things (Score:5, Insightful)
You must be smart when buying stuff like this.
First off, if I'm handling 25k+ SSL TPS, point blank, I pay the money for an F5. A home built solution will only get you fired when something goes seriously wrong.
Secondly, if an F5 is out of your budge and you aren't handling 10s of thousands of SSL TPS, look elsewhere. Kemp Technologies makes a solution that support up to 10k SSL TPS for less than half the price and even cheaper if you handle even less. If you're not even handling a thousand of TPS, let your Apache servers handle SSL and be done with it.
Proving a (price) Point... (Score:3, Insightful)
You must be smart when buying stuff like this. First off, if I'm handling 25k+ SSL TPS, point blank, I pay the money for an F5. A home built solution will only get you fired when something goes seriously wrong.
I agree you must be wise with your purchases. At times, commercial hardware is justified. That being said, the entire point of the original article was to prove that there's NOT THAT much magic behind F5 hardware to justify the price tag. Accelerating SSL isn't rocket science, nor is it some uber-secret. The main point here was an attempt to prove the FOSS can and will do exactly what commercial software and hardware does at a micro-fraction of the cost. As I've said before, in this economy and shrinki
Re: (Score:2)
So the commercial offerings can and do fail as well...
With your own OSS based setup you have a chance of fixing it, with a commercial setup all you can really do is cast blame, but how exactly does casting blame help you get real work done?
Re: (Score:2)
A home built solution will only get you fired when something goes seriously wrong.
If you need commercial support, pay for it, my guess is that it will come to less than 45k
F5 is pretty useless too... (Score:5, Insightful)
First off, if I'm handling 25k+ SSL TPS, point blank, I pay the money for an F5. A home built solution will only get you fired when something goes seriously wrong.
An old boss has spent the last FOUR WEEKS with F5 and Cisco trying to figure out why their F5 load balancer starts dropping ACKS on the floor...at connection rates well under advertised capacity of the particular model in question, which has been in production use for months/year+. How the fuck about that- a load balancer that craps out...under load. How useful. The bug is triggered daily when this particular unnamed CA major internet company hits peak usage in the day.
At least with the open source community, you can hire someone to look at the code, or report the bug and try and get it fixed by the community. F5 has been completely useless, reportedly.
Re: (Score:3, Interesting)
Posting anonymously...'cause I work at F5, 3rd tier support.
I'd have to say your former boss' experience and opinion are atypical. Our customer sats are *awesome*, and the problems we address are the most complex. Turnaround time for serious bugs is *incredibly* fast. Open Source fast. Enhancements and minor tweaks, maybe never, and yeah, you can't add them yourself. Unless the behavior you want is in packet processing, in which case you can use TCL based iRules to do unimaginably brutal things to your
Re: (Score:2)
So your answer is, "Our stuff rox, if yours isn't working it's your fault."
Weak.
"Your snark is well constructed, but logically inert. F5 stuff handles the biggest loads going. Name a vendor that can compete on pps, thruput or other performance stat. Then show evidence from a repeatable, reasonable test rather than benchmarketing."
-1, off-topic. (And also -1, marketing.)
He's not talking about throughput, other than the fact that in his specific case, BIG-IP doesn't have it. Corner case, exceptional case, f
Re: (Score:2)
Actually his experience is pretty accurate - I used to work as a Tier 3 for a particular enterprise application. I'd tell TAM's and Tier 2's all the time that engineering can turn around fixes rather quickly if we have a test case and some data to go on.
Sadly our most vocal customers who had cases that would drag on for ages almost always refused to offer data, or give me access to custom applications or workflows so I could reproduce the issue etc.
All he's saying is - if you cooperate and do what I say - w
Re: (Score:2)
I started this idiot thread and I'm on your side, but being a commodity trading platform, it's not always "ok" to give the access they (F5 or whoever) ask for. So to that point, I understand.
Still, if I need that type of performance, I go F5. If you are having major issues with F5, chances are it's your network that is the problem and not the F5. F5 works period. Sure there are some things it has issues with, but nothing is perfect. If it doesn't work with F5, I'm not going to roll my own unless it's t
Re: (Score:2)
"integrated in a meaningful way" isn't particularly meaningful, except in a market-buzzword sense. Care to cite concrete examples of how integration improves throughput in BIG-IP products?
How about FTFA:
"Chaining proxies incurs latency at every point in the process. If you chain proxies, you are going to incur latency in the form of:
* TCP connection setup and teardown processing
* Inspection of application data (layer 7 inspection is rarely computationally inexpensive)
* Execution of functionality (caching, security, acceleration, etc...)
* Transfer of data between proxies (when d
turnaround time? Riiiight (Score:2)
Turnaround time for serious bugs is *incredibly* fast.
Uh huh. After being given pcap files/traffic graphs/response time graphs, F5 said it was a known bug and fixed in a certain release.
So they did an upgrade through change control, rolled it out. Absolutely no difference. That's when F5 started claiming that it wasn't their fault.
The interesting bit is that the bug very closely resembles a 1-2 year old FreeBSD bug...how about that, huh?
Of course I could produce something similar (Score:5, Informative)
Let me first state that I over see a large deployment of F5 systems and I have compared commercial offerings in this space many times over the years. I have a deep understanding of the tools available and see the work product every day.
Both articles are great for debate. Showing that FOSS and tools available could produce a solution that resembles a commercial product is wonderful in promoting the power and breadth of FOSS. F5's response is good but also a bit disappointing as I find they have much more than is covered in their response.
I'm honestly surprised that F5 responded at all as there's really no comparison between the solutions for real world work loads and support. First and foremost is the thought that these are only load-balancers. The term used most appropriately today is "ADC" (Application Delivery Controller). The reason is that they not only perform load-balancing but reverse proxy cache, compression, acceleration, tuning, and in-stream logic decisions.
F5's products allow you to create profiles for services that are reusable and easy to maintain. You can deliver new configurations in minutes. They also work with the major application vendors to produce proper configurations that you can use out of the box. iRules (TCL) is an awesome tool directly integrated into the product that as F5's tag line says, "With iRules you can". Even with all of the this power and robust tools you will see little or no impact on high performance applications.
F5 also offers the community DevCentral which, in my opinion, gives back to the community in a proper FOSS style.
I won't even go into the underlying architecture such as the TMM kernel and separate management kernel.
F5's article does state one thing very clear and I would want to emphasis it. Humans cost far more over time than capitol expenditures.
I believe that F5 has taken FOSS to proper pedestal in the industry. If anyone thought for one second that FOSS was toys and not to be considered for serious work loads then F5 proves them wrong. Cisco has been trying to chase F5 for years and are still nowhere near them. F5 systems are my swiss-army knife of networking and I'm proud to purchase and use them from my FOSS background but also know they save my butt every day.
Re: (Score:3, Interesting)
I'm honestly surprised that F5 responded at all as there's really no comparison between the solutions for real world work loads and support.
Me too. If anything, making a defensive response like that is going to lend credence to the other side of the argument. People who know what F5 does don't need to be convinced, but those don't know are now thinking "hey, F5 is afraid of this." Seems like bad marketing to me.
Re: (Score:2)
Not "You should use this always." Not "BigIP sucks." You filled in your own blanks - why? There were no blanks to fill in.
Sure, the open source solution isn't perfect, but it's a decent one if you can't afford a pair of fifty thousand dollar boxes but you want offloading, caching, and load balancing.
aSSL anyone? (Score:1)
Re: (Score:1)
Right tool for the job^H^H^H company (Score:3, Insightful)
If a site is big enough that it really needs the performance/scale of such an F5 appliance, then the price tag is not that great and likely reflects .001% of the IT budget or less. Some shops will be better served with the cheap OSS solutions, and others would blow one up fairly quickly. If you blow it up fairly quickly and the $50k price tag is also hard to justify, then your cost of doing business is severely out of whack.
Marketing barrage (Score:2, Insightful)
Big IP isn't worried about this home grown solution, because in the end, businesses buy warranties, maintenance and upgrade paths. Something the FOSS solution doesn't have prepackaged.
Enjoy o3's article; it's a great project. Have fun building it, but don't take offense
"Mimic"? It actually DOES it (Score:2)
F5 makes great devices but not everyone can afford them, so this article showed how you could achieve most of the same results with open source software. I've used the BigIP and I liked working with it.
Re: (Score:1)
cbreaker,
The 6900 does not have a white box hardware equivalent. You will just have to take my word for that.
Much more importantly that duct-taped baby is NOT actually doing the same things. The fact that seemingly intelligent people in the /. community don't grasp that might be why this person decided they needed to rebutt the article
Oh and btw you're so totally busted- we all know you didn't even read the blog or you would know that LORI isn't a GUY. :)
Re: (Score:2)
I didn't have to read every detail because I'm already familiar with most of that software.
You obviously have a predisposition against open sourced software solutions because of your derogatory statements like "duct-taped baby."
It's semantics. Okay, so under the hood it works differently. But the net result is similar with a full solution (not just the SSL accelerator part) - load balancing, offloading, caching.. If you wanted to, you could
o3 Returns Fire (Score:2)
The writer of the article response to Lori's claims
http://o3magazine.blogspot.com/2009/04/ssl-accelerator-strikes-nerve-with-f5.html [blogspot.com] ...and nails her on a few I'd say.