Viability of nginx instead of hardware load balancer?

Mirosław Jaworski mjaw at
Wed Sep 16 01:25:47 MSD 2009

On Tue, 2009-09-15 at 15:41 +0100, John Moore wrote:
> I'm working on a project where it's critical to minimize the possibility 
> of a single point of failure, and where there will be quite high 
> traffic. Currently in another version of the system we're using nginx as 
> a remote proxy server for Tomcat, but the current plan is to use a 
> hardware load balancer in front

...which is a single point of failure too. And the "hardware" in 
"hardware load balancer" isn't so "hardware" as people tend to 
think. It's much closer to "common hardware, without redundant
power supplies, without RAIDs, with the base system on the flashcard
and with the SSL accelerator card". You can make one at 1/10th of the
price of the "hardware" one yourself, maybe 1/5th if you purchase
the same SSL accelerator card, which is supported by the OS you would
use to make your own hardware load balancer.

> of a Tomcat cluster (or a cluster of 
> nginx+Tomcat instances).
> I'm wondering, though, given the extraordinary 
> performance and reliability of nginx, whether we might be able to omit 
> the hardware load-balancer and use instead a couple of dedicated minimal 
> nginx servers

If you really want only load balancing ( no proxying/caching/SSL
acceleration ) you can make damn fast and easy lvl2 load balancing
using BSD packet filter pf and relayd ( with backend monitoring );
if you want failover setup you can also have it with pf's pfsync
and carp ( VRRP implementation ). You can also give up on "hardware
firewalls" in front of it and use the same pf to protect whole
environment behind.

Put that on frontends and put nginx/tomcat on the backends as you 

Miroslaw "Psyborg" Jaworski
GCS/IT d- s+:+ a C++$ UBI++++$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O-
M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y?

More information about the nginx mailing list