F5 Offers One-Stop Appliance Service

 
 
By Andrew Garcia  |  Posted 2004-11-22
 
 
 

F5 Offers One-Stop Appliance Service


With Version 9, F5 Networks Inc. has overhauled its familiar Big-IP line with new hardware and software to provide the bounty of services that companies used to get from several distinct appliances.



Click here to read the full review of Big-IP Version 9.

2


With Version 9, F5 Networks Inc. has overhauled its familiar Big-IP line with new hardware and software to provide the bounty of services that companies used to get from several distinct appliances.

With Big-IP Version 9, F5 has moved beyond Layer 4-7 switching to provide services such as SSL (Secure Sockets Layer) acceleration, TCP offload and optimization, compression, rate shaping, and protocol sanitization—features weve seen the last couple of years in Web front-end appliances from rivals such as Array Networks Inc., NetScaler Inc. and Redline Networks Inc.

But Big-IP, available now, stands above the crowd with unmatched flexibility and configurability provided by the new versions of F5s Universal Inspection Engine and iRules. iRules is a TCL (Tool Command Language)-based scripting language that provides a depth of control over HTTP traffic and other applications that competing solutions lack .

Capitalizing on Big-IPs flexible scripting and the new TMOS (Traffic Management Operating System) fast application proxy, administrators can query or manipulate packet headers or payload content.

Early iRules examples weve seen allow selective cookie encryption, provide detection routines for malicious traffic such as the Slammer worm and can strip identifying data out of Web server responses.

eWEEK Labs tested Big-IP Version 9 on F5s high-end 6400 IP Application Switch, a 2U (3.5-inch) device that has dual processors, 2GB of RAM, F5s Packet Velocity ASIC 2 (application-specific integrated circuit), 16 Gigabit Ethernet ports, two Fiber Gigabit ports, one out-of-band management port and a pair of hot-swappable power supplies .

Pricing for the basic 6400 starts at $34,995; the unit we tested included add-on modules for increased compression, rate shaping and routing, and increased SSL acceleration. These modules are available for $1,995 each.

Customers with lower throughput demands can choose from two lower-end models: the $16,995 1500 Series or the $25,995 3400 Series appliance. The 1500 includes a single CPU, 768MB of RAM and four Gigabit Ethernet ports, while the 3400 has one CPU, 1GB of RAM, the Packet Velocity ASIC 2 and eight Gigabit Ethernet ports.

Version 9 supports multiboot images. Administrators can load multiple software revisions onto the appliance and boot between images to aid the upgrade process.

Big-IP allows administrators to pair devices for fault tolerance. However, we find Redlines Active-N Mesh to be a more scalable alternative.

We tested Big-IP by placing the 6400 switch between our client machines and several Windows 2000 Server machines from Microsoft Corp. running the companys IIS (Internet Information Services) 5.0, and we connected to a back-end database running Microsofts SQL Server 2000. We loaded each Web server with a variety of static and dynamic content and used Microsofts Internet Explorer to test the configuration from the client machines.

Big-IPs Web-based management GUI is a revelation, vastly simpler than NetScalers Java-based GUI or the command-line administration that is still common with traffic management devices. F5 has built control over many advanced configuration capabilities into the GUI, allowing administrators to select Basic menus for common administrative tasks or Advanced menus for more complex options.

From the GUI, we configured a pair of front-end virtual servers on Big-IP—one server for HTTP and the other providing SSL-encrypted access to our content—with each virtual server pointing to our pool of Web servers. For load balancing, we used the simple round-robin approach. Big-IP also supports many other load balancing methods, including ratio-based, least connections and predictive balancing.

Next page: Nested profiles ease admin.

Page Three


We liked Big-IP Version 9s use of nested profiles to ease ongoing administration. Administrators define profiles that dictate configuration settings on a virtual server for various services or protocols, in addition to encryption, authentication or TCP offload parameters. Nested profiles allowed us to easily set basic configuration levels for our virtual servers, which cascade to any tailored child profiles we defined to address changes that a virtual server might demand.

Big-IP provides bidirectional SSL acceleration. Companies can choose to terminate encryption from client machines at the Big-IP to allow application processing and reduce load on the servers, and they can re-encrypt data between the Big-IP and Web servers to provide maximum data security.

F5s OneConnect TCP offload functionality allows Big-IP to establish and maintain TCP sessions with the back-end servers and multiplex multiple client connections within these sessions. This reduces the amount of TCP processing overhead on the servers, which should increase the number of simultaneous client connections each server can support.

During tests, we noticed that Big-IP does not currently support caching of Web content. F5 officials said that simple caching poses too much of a risk for serving stale content and that advanced routines are necessary to avoid this. Advanced caching features in Big-IP should be available next year, according to the officials.

We appreciated the depth of control we could get over compression settings. By default, Big-IP allows administrators to select compression depending on URL extension or data type, and iRules allows even more flexibility. The compression level can be adjusted, depending on how much processor power administrators want to dedicate to the feature.

Compression levels varied according to the content in our tests of three page types (static HTML only, a mix of HTML and GIFs, and a dynamically generated Web page) at two compression settings. However, we generally found that the extra processing power needed for the highest levels of compression yielded minimal improvement.

The static page compressed 64 percent at the lowest setting and 69 percent at the highest. The mixed page achieved 41 percent compression at the low setting and 44 percent on high. The dynamically generated page showed 17.5 percent compression at both settings.

F5s user support site is impressive and includes an active user community where F5 customers discuss various issues and can post iRules configuration files to perform specific tasks—although there were a limited number of iRules available online during our testing.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.

Check out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.

Rocket Fuel