

Do You Even Load Balance? - darkhelmetlive
http://verboselogging.com/2013/06/17/do-you-even-load-balance

======
bifrost
Thats cool and all, but using your firewalls for loadbalancing is kinda..
uh... not so good. As demonstrated, even derptastic HAProxy is better than the
loadbalancing stuff built into your FW... For about $50-100/each you can buy
10 year old loadbalancers via eBay that do a WAY better job of this. They're
more accurate AND use less cpu/watts than HAProxy will as well.

Just something to consider...

~~~
darkhelmetlive
Yeah, it was kind of a "hey it does it for free" sort of thing.

I mean, if it's never really a problem, why spend more time setting extra
things up. That being said, I'd have no problem setting up and managing
HAProxy if we wanted to do that.

The fw boxes are from these guys:
[http://www.watchguard.com/](http://www.watchguard.com/) They were X550e's
this weekend we're installing XTM 515's

~~~
bifrost
Ahh ok, that explains why I've never seen that before.

I'm all for free, except when you're technically paying for it with
licensing/etc.

I was totally serious about the $50-100 boxes being better than HAProxy,
they're monumentally better at the basics. Where they don't do so hot is with
SSL acceleration, but considering how fast AES-NI is, I don't bother doing
that with loadbalancers anymore. Also fully HA and you don't have to deal with
source/dest NAT issues if you're using DSR.

------
darkhelmetlive
I was playing with load balancers this past weekend. Some code that came out
of it:
[https://github.com/darkhelmet/balance](https://github.com/darkhelmet/balance)

