[AusNOG] web App firewalls.
Peter J. Cherny
peterc at luddite.com.au
Fri May 28 14:23:26 EST 2010
On 05/28/10 13:40, David Hughes wrote:
> On 28/05/2010, at 1:20 PM, Peter J. Cherny wrote:
>> If the device is a LB e.g. Alteon or F5 ...
>> ... what state do think it's tracking ?
>> I think terminology is getting in the way of understanding the
>> functionality.
> Well, any sort of load balancer by definition must keep track of where it's balanced the load. Also, seeing as an LB is basically a NAT device, it's got a stack of state to remember. If you fill the connection table on an LB or FW device the boxes behind it go off the air. Sounds like a great way to DOS yourself :)
That's why you use the likes of an Alteon 2424 which is designed for
multi GB/s !
I can't speak of the F5, but the 2424 copes with anything I've seen
thrown at it,
(think DoS during an Election).
I'd suggest you look at the SLB list http://vegan.net/lb/archive
More information about the AusNOG
mailing list