NetScalers Flagship Web Content Manager Scales Up

RS9800 good for large Web sites but lacks clustering capabilities.

NetScaler Inc.s latest Layer 7 appliance, the Secure Application Switch Request Switch 9800, harnesses on-board SSL acceleration and global load balancing to provide large-scale Web sites and service providers with a robust, comprehensive content management system.

In eWeek Labs tests, the RS9800—the flagship of NetScalers Web application control appliance line—provided intelligent traffic management through NetScalers unique Request Switching technology. Request Switching handles Web application traffic by analyzing and directing incoming Web traffic at the application level, allowing granular traffic optimization and security capabilities.

The RS9800, which shipped in February, can boost Web site performance by using connection multiplexing techniques to merge multiple client sessions into a smaller number of persistent connections. The amount of multiplexing depends on the packet size and the type of Web traffic. In our SSL (Secure Sockets Layer) tests, we found the RS9800 to be multiplexing at a 4-1 ratio on average, saving significant bandwidth.

In addition to providing robust content management features, NetScalers appliance offers built-in security features such as protection from denial-of-service attacks and intrusion detection and prevention capabilities.

The RS9800 comes in a compact 2U (3.5-inch) form factor. The appliance we tested, which costs $50,000, included an Intel Corp. 2GHz Xeon processor, 2GB of double-data-rate synchronous dynamic RAM and four copper Gigabit Ethernet ports. A system with four Fibre Channel Gigabit ports for sites with fiber-network backbones is also available for the same price.

NetScaler sells its two Secure Application Switch models, the RS9400 and RS9800, in high-availability configurations. The RS9800 is priced at $75,000 for a high-availability pair and supports four Gigabit Ethernet ports. The RS9400 supports two 10/100M-bps Ethernet ports and costs $45,000 per pair in high-availability configurations.

Sites that dont need gigabit throughput or Layer 7 content management should consider the lower-end Secure Application Gateway RS9200 and RS9600 models, which are priced starting at $25,000.

Competing application switches and appliances, such as Cisco Systems Inc.s CSS (Content Services Switch) 11000 Series, F5 Networks Inc.s Big-IP 5000 Application Switch and Nortel Networks Corp.s Alteon Application Switch 2000 Series, integrate Layer 7 switching capabilities within a switch fabric, so sites neednt purchase extra switches. (The RS9800 requires a switch.)

By comparison, the Cisco CSS 11000 Series appliance doesnt offer SSL acceleration or as many Layer 7 switching features, but it has a lower starting price: $17,000. F5s Big-IP 5000 appliance starts at $35,000 and has the closest feature set to the RS9800s, with more comprehensive quality-of-service and type-of-service capabilities.

The NetScaler RS9800 did well in our tests using WebAvalanche Version 5.0, Spirent Networks Inc.s Web site stress-testing appliance, which generates Web client requests.

On the server side, we used Spirents WebReflector 5.0, which simulates the behavior of Web server farms and provides responses to the client load generated by the WebAvalanche.

We configured the RS9800 to run in-line between the WebAvalanche and the WebReflector 5.0 devices. The WebReflector software enabled us to set up virtual server farms using different IP subnets, which allowed for realistic simulations. Previous versions of WebReflector did not provide for subnetting.

We set up a simple pool of four Web servers in two subnets and used the routing capabilities of the WebReflector to direct the WebAvalanche client requests to the virtual IP addresses of the RS9800.

Because of limitations in WebAvalanche, we couldnt test the maximum number of HTTP GET requests the RS9800 can handle enabled with the default least-connection load balancing scheme (a scheme where the load balancer will forward traffic starting to the server with the least number of connections). In tests using 512KB packets, the RS9800 delivered slightly less than 50,000 transactions per second. However, the system was running at less than 50 percent CPU utilization, so our test results were in line with NetScalers claim of 100,000 tps at maximum capacity.

When we tested the RS9800s SSL performance using WebAvalanche and WebReflector, the appliance delivered 4,500 tps on average—slightly better than the advertised rate of 4,400 tps.

The RS9800 comes with standard redundant power supplies and high-availability support. Clustering more than two RS9800s isnt supported, but future releases will cluster more systems, NetScaler officials said.

Technical Analyst Francis Chu can be reached at