> -----Original Message-----
> From: Dobbins, Roland [mailto:rdobb...@arbor.net]
> Sent: Tuesday, January 05, 2010 8:53 PM
> To: NANOG list
> Subject: Re: I don't need no stinking firewall!
>
>
> On Jan 6, 2010, at 11:43 AM, George Bonser wrote:
>
> > Yes, you have to take some of the things that were done in one spot and do
> > them in different locations now, but the results are an amazing increase
> > in service capacity per dollar spent on infrastructure.
>
> I strongly agree with the majority of your comments, with the caveat
> that I've seen many, many load-balancers fall over due to
> state-exhaustion, too; load-balancers need northbound protection from DDoS
> (S/RTBH, flow-spec, IDMS, et al.), as well.
>
Yes, I have seen load balancers fall over, too. I have some interesting stories of how those problems have been solved. Sometimes it relies on using a feature of one vendor to leverage a feature of another vendor. But I generally agree with you. There is a lot that can be done ahead of the load balancers.