Solved: is a css the guessed solution for our needs?

chasm_Ger · ‎09-26-2006

Hello,

we are looking for a load balancer solution for our server farm.

Let me explain the situation:

We have two leased lines from different providers coming into our server racks in one local data center. In this racks there are some webservers, and a lot of local servers working in computer telephony (no connections from/to outside). But for this local servers there are special proxy systems with tcp connections of our customers from WAN to operate computer telephony functions on the local systems.

Up to now there is one cisco 2811 on every leased line that makes packet filtering and some port forwardings. The webservers and proxy systems have official ip addresses.

1) We plan to give the css the official ip address where our domain name points to and the css should load balance the connections between the multiple webservers. This must be connection orientated, because of php sessions . Is this possible with a css?

2) We use a wildcard ssl certificate for our subdomains on the webservers. Can the css work with this? Its signed by GlobalSign. Will the css terminate the ssl encrypted connection but send the request on to the local webserver and send back its result through the ssl encrypted connection?

3) The both cisco 2811 also have some vpn tunnels for the proxy systems. Is there anything we have consider? Our plan is to place the css between the servers/systems and the both routers. Not physically, but with the default routes on the servers/systems, physically there are redundant switches where everything is connected to.

4) Finally, is a css to overdimensioned for our needs? Could all this be done with some cisco 7600er routers or anything else?

Thanks for answers. I know the question is not a real problem, but i thought i'm right here, because we are looking for the best network solution...

chasm

Gilles Dufour · ‎09-26-2006

the CSS11503 is modular.

The price you see is for an empty chassis.

You then need an SCM module and a SSL module in order and maybe a GIGE or FE module.

With your volume of traffic the 11501 should be enough.

The CSS can terminate http connections and inspect the url to determine which server to use. So, yes it can do what you described.

Gilles.

View solution in original post

Gilles Dufour · ‎09-26-2006

Chasm,

the CSS11501-S would be a good fit for all your needs.

If you expect growth or high volume of connections you might consider the CSS11503 or CSS11506.

Gilles.

chasm_Ger · ‎09-26-2006

Hi Gilles,

thank you for your prompt answer. I forgot one question in my first post:

Is the CSS able to route http requests to pre-defined webservers based on the requested url? An example: www.domain.com --> webserver1 but www.domain.com/statistics --> webserver2

Also possible for subdomains? www1.domain.com --> webserver5 and www2.domain.com --> webserver6

The connection volume looks like this:

HTTP/HTTPS hits per month 500.000 - 1.000.000 with 20 - 100 GB Traffic per month.

Max. 1 GB per day

Max. 700.000 hits per day

So there will be nearly 5000 connections per hour, so nearly 84 connections per minute.

Is there an explaination why the CSS 11501S-K9 should cost 11590 euro while the CSS 11503-AC should cost 9200 euro? I thought the 11503 is "better" then the 11501?

Thanks for answer

chasm

Gilles Dufour · ‎09-26-2006

the CSS11503 is modular.

The price you see is for an empty chassis.

You then need an SCM module and a SSL module in order and maybe a GIGE or FE module.

With your volume of traffic the 11501 should be enough.

The CSS can terminate http connections and inspect the url to determine which server to use. So, yes it can do what you described.

Gilles.