Big-IP Delves Deep Into Data

F5's appliance raises the bar for load balancing products, but it requires expertise to implement.

F5 Networks Inc.'s Big-IP 4.5 joins a growing list of products that offer to move security, high availability, and other connection and user decisions away from servers and applications and into special-purpose appliances. As eWeek Labs' tests of Big-IP 4.5 show, this approach makes sense. Big-IP let us discard "bad" traffic or send it to a monitor port.

Furthermore, the product's new Universal Inspection Engine is impressive enough to justify further examination by IT managers who are thinking strategically about the effect Web services will have on their networks' performance.

In tests, Universal Inspection Engine allowed us to extend load balancing functions, such as maintaining a persistent connection to an application server based on information we put in the data payload of our IP traffic.

We used iRules, another new Big-IP feature, to determine how the product should treat IP packets. These rules let us manipulate traffic streams at a fine level. IT managers should allocate senior network and application staff to work as a team to set up iRules because there are few pre-built functions for examining many common applications. With the help of F5, for example, we built a simple rule that looked for short strings in an IP packet. If the string matched one of the conditions, then the packet was sent to the pool of servers on the test network. Otherwise, the IP address was logged, and the packet was discarded.
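The two behaviors described above (persistence keyed on a value in the data payload, and a rule that forwards matching packets to a pool while logging and discarding the rest) can be modeled as follows. This is an added Python sketch, not F5 iRule syntax and not code from the review; the markers, pool names, addresses and the `session=` token are all constructed assumptions.

```python
import re

# Constructed rule set: payload marker -> pool name (hypothetical names).
RULES = {b"<order>": "xml_pool", b"SELECT ": "sql_pool"}
POOLS = {"xml_pool": ["10.0.1.1", "10.0.1.2"],
         "sql_pool": ["10.0.2.1", "10.0.2.2"]}
# Hypothetical persistence token the application embeds in the payload.
SESSION_RE = re.compile(rb"session=([A-Za-z0-9]{1,64})")
INSPECT_LIMIT = 512  # bound how much untrusted payload is scanned


class Inspector:
    def __init__(self):
        self.persist = {}                      # (pool, session id) -> server
        self.next_idx = {p: 0 for p in POOLS}  # round-robin cursor per pool
        self.discard_log = []                  # source IPs of discarded packets

    def _round_robin(self, pool):
        servers = POOLS[pool]
        server = servers[self.next_idx[pool] % len(servers)]
        self.next_idx[pool] += 1
        return server

    def route(self, src_ip, payload):
        """Return (pool, server) for matching traffic, or None if discarded."""
        window = payload[:INSPECT_LIMIT]
        pool = next((p for marker, p in RULES.items() if marker in window), None)
        if pool is None:
            # No rule matched: log the source address and drop the packet.
            self.discard_log.append(src_ip)
            return None
        m = SESSION_RE.search(window)
        if m is None:
            return pool, self._round_robin(pool)
        # Persistence: the same payload token always maps to the same server.
        key = (pool, m.group(1))
        if key not in self.persist:
            self.persist[key] = self._round_robin(pool)
        return pool, self.persist[key]


def demo():
    insp = Inspector()
    packets = [  # constructed sample traffic
        ("192.0.2.10", b"<order>session=abc123 item=1</order>"),
        ("192.0.2.11", b"<order>session=zzz999 item=7</order>"),
        ("192.0.2.10", b"<order>session=abc123 item=2</order>"),
        ("198.51.100.5", b"\x00\x01unrecognized"),
    ]
    return [insp.route(ip, data) for ip, data in packets], insp.discard_log
```

Because the persistence key comes from the payload, it is chosen by the sender; the length cap on the token and the inspection window keep a hostile client from forcing unbounded scanning.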

Writing effective iRules will likely get easier as F5 expands the number of application-specific functions provided with the product. As Big-IP 4.5 stands today, there are only a handful of capabilities for several products, including BEA Systems Inc.'s BEA WebLogic Server, along with one for Session Initiation Protocol, a protocol that will likely play a big part in future voice-over-IP applications.

In the meantime, Big-IP 4.5 users can get the same capabilities by writing compound rules. These rules can be saved, but they cannot be used in other rules, and that kind of reuse is the advantage of such functions.

It is also clear from testing that Big-IP 4.5, which is available now for $43,990 when shipped on redundant F5 Big-IP 2400 application switches, is a first-generation product. In our first round of tests, for example, Universal Inspection Engine didn't actually sort the test packets created by our Ixia traffic generator. (We used the Ixia IXWeb application running on LM100TX cards to generate the Layer 7 traffic that was crucial in testing the Big-IP 4.5 product.) A patch supplied by F5, which is now part of the shipping version of the product, corrected the problem.

IT managers should think carefully about how Web services might affect their networks in two or three years. From that vantage point, Big-IP 4.5 is built for the future: Its capabilities move beyond filtering and connection persistence found in load balancers currently on the market. We expect competitors including Cisco Systems Inc. and Foundry Networks Inc. will work to match these capabilities.

Big-IP 4.5 could filter test traffic on the basis of any information in an IP packet. This puts it a step ahead of traditional load balancers, which are limited to filtering by cookie, HTTP header or other well-understood Web application traffic.

It also means that Big-IP 4.5 can see and understand the data in protocols such as XML and SQL. Because these and other IP protocols are likely to be used extensively in Web services, we expect more vendors to add this functionality to their traffic management tools.

As more load balancing products gain these advanced features, we expect to see network managers working more closely with other parts of the IT organization, including application and system managers, to devise a cooperative strategy that allows appropriate access to applications while shunting undesirable traffic as soon as it hits the network.

Aside from devoting several high-value people to code the iRules, most IT departments will not have to add much to the budget to maintain the systems. In particular, departments that already use F5 equipment and software should have no trouble incorporating this latest version of the product into their daily operations. We used the Web-based interface to configure and maintain our Big-IP 4.5 systems without a fuss.

The concepts of virtual servers, pools and nodes are still part of the product. We used the GUI to configure two virtual servers that filtered traffic to three pools of servers. IT managers should have little trouble accommodating network configurations that include network address translation and proxy servers.

Along with other management functions that should be familiar to current users of Big-IP software, we used the monitors to make sure that the servers in our network were up and running before sending them traffic. We customized monitors to check that specific (and rather esoteric) services were available while we were running tests. Big-IP consistently recognized when applications such as FTP were no longer available and stopped sending traffic to those servers, even during heavily loaded test runs. As in previous versions of the product, monitors can be strung together to ensure that all necessary services are running before traffic is sent.

F5 also made an incremental change to the hardware it uses to host Big-IP 4.5, including the 2400 application switch we used in tests. New application-specific integrated circuits provide enhanced traffic handling for Layer 7 (application) traffic. F5 calls this new capability Packet Velocity, and we had no trouble using the new hardware to handle test traffic.

Senior Analyst Cameron Sturdevant is at