By Andrew Garcia  |  Posted 2004-11-22 Print this article Print

With Version 9, F5 Networks Inc. has overhauled its familiar Big-IP line with new hardware and software to provide the bounty of services that companies used to get from several distinct appliances.

With Big-IP Version 9, F5 has moved beyond Layer 4-7 switching to provide services such as SSL (Secure Sockets Layer) acceleration, TCP offload and optimization, compression, rate shaping, and protocol sanitization—features weve seen the last couple of years in Web front-end appliances from rivals such as Array Networks Inc., NetScaler Inc. and Redline Networks Inc.

But Big-IP, available now, stands above the crowd with unmatched flexibility and configurability provided by the new versions of F5s Universal Inspection Engine and iRules. iRules is a TCL (Tool Command Language)-based scripting language that provides a depth of control over HTTP traffic and other applications that competing solutions lack .

Capitalizing on Big-IPs flexible scripting and the new TMOS (Traffic Management Operating System) fast application proxy, administrators can query or manipulate packet headers or payload content.

Early iRules examples weve seen allow selective cookie encryption, provide detection routines for malicious traffic such as the Slammer worm and can strip identifying data out of Web server responses.

eWEEK Labs tested Big-IP Version 9 on F5s high-end 6400 IP Application Switch, a 2U (3.5-inch) device that has dual processors, 2GB of RAM, F5s Packet Velocity ASIC 2 (application-specific integrated circuit), 16 Gigabit Ethernet ports, two Fiber Gigabit ports, one out-of-band management port and a pair of hot-swappable power supplies .

Pricing for the basic 6400 starts at $34,995; the unit we tested included add-on modules for increased compression, rate shaping and routing, and increased SSL acceleration. These modules are available for $1,995 each.

Customers with lower throughput demands can choose from two lower-end models: the $16,995 1500 Series or the $25,995 3400 Series appliance. The 1500 includes a single CPU, 768MB of RAM and four Gigabit Ethernet ports, while the 3400 has one CPU, 1GB of RAM, the Packet Velocity ASIC 2 and eight Gigabit Ethernet ports.

Version 9 supports multiboot images. Administrators can load multiple software revisions onto the appliance and boot between images to aid the upgrade process.

Big-IP allows administrators to pair devices for fault tolerance. However, we find Redlines Active-N Mesh to be a more scalable alternative.

We tested Big-IP by placing the 6400 switch between our client machines and several Windows 2000 Server machines from Microsoft Corp. running the companys IIS (Internet Information Services) 5.0, and we connected to a back-end database running Microsofts SQL Server 2000. We loaded each Web server with a variety of static and dynamic content and used Microsofts Internet Explorer to test the configuration from the client machines.

Big-IPs Web-based management GUI is a revelation, vastly simpler than NetScalers Java-based GUI or the command-line administration that is still common with traffic management devices. F5 has built control over many advanced configuration capabilities into the GUI, allowing administrators to select Basic menus for common administrative tasks or Advanced menus for more complex options.

From the GUI, we configured a pair of front-end virtual servers on Big-IP—one server for HTTP and the other providing SSL-encrypted access to our content—with each virtual server pointing to our pool of Web servers. For load balancing, we used the simple round-robin approach. Big-IP also supports many other load balancing methods, including ratio-based, least connections and predictive balancing.

Next page: Nested profiles ease admin.

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel