F5 Network’s latest iteration of its Big-IP product line builds on an already great load balancer. This product now can choose which server or resource it will send traffic to on the basis of traffic volume. It can also decide where to send it based on the function of the receiving device compared with the contents of the traffic.
By adding a Universal Inspection Engine, Big-IP evolves to the next level with the addition of layer-7 inspection capabilities.
This enhancement opens up all sorts of possibilities. You can look for XML content, for example, and send traffic with XML requests to the proper server. You can also send a request for streaming media to the media server — all without having another server needed to play traffic cop.
Big-IP comes on one of three platforms that varies according to the number of ports and the speed of the processor.
We tested the 16-port model 2400. This 2U appliance must be configured using its console port before you can move to its Web-based management interface.
The management interface resembles a Web version of what you’d normally find on the command line of a Cisco switch. Think of it as the worst of both worlds. When you’re getting ready to perform packet inspection. For example, you have to tell Big-IP where to look in the IP packet for the information, and what information to look for. So you’ll probably have to inspect typical packets manually and determine how far from the beginning the information may fall. This is not a task for a beginner.
Using a feature called iRules is supposed to make creating the universal inspection rules easier. It also allows rules to be deployed on multiple Big-IP platforms. But we found using iRules to be quite difficult. Although the feature is probably better than hand-coding in hex, it’s not the most user-friendly interface on the planet.
When you’ve dealt with the clunky management interface, you’re ready to start managing traffic. This is an area in which F5 excels. We tested Big-IP using two pieces of test equipment from Spirent Communications: Caw Web Avalanche and Web Reflector.
Web Avalanche generates layer-7 traffic and acts like a vast number of clients. Web Reflector acts as a collection of high-volume servers. We ran both devices through Gigabit Ethernet connections to Big-IP and cranked up the speed to about 30,000 layer-7 transactions per second.
Big-IP searched for the language information in the HTTP request in the IP packets. The device was designed to look for one of three specific languages — English, German, and Japanese — and to route the content accordingly to specific servers. Everything else was sent to a fourth server. The server response indicated whether the traffic was directed correctly.
Our Big-IP never broke a sweat. When we checked the results on Web Avalanche after the test runs, we found that despite a full gigabit pipeline, every packet was properly directed, there was no packet loss and plenty of capacity to spare.
F5 says that Big-IP will support a number of protocols, including the normal Web protocols, as well as SIP, SOAP, SQL, and XML.
Configuring Big-IP with iRules isn’t easy but, at least, it’s not a task that you have to do on a regular basis. When Big-IP is up and running, it just sits in the rack and runs, quietly directing traffic. You can use it for a variety of tasks including directing virtually any type of layer-7 traffic.
Although F5 doesn’t make a big deal about it, Big-IP still includes functions it’s had all along. This means features such as integrated SSL are present — they work just fine. Likewise, Big-IP retains its excellent load-balancing functions, so if you need to use it to manage only part of your traffic, and you also need to simply distribute routine traffic on the basis of traffic volume, server load, or server availability, it’s all still there.
In short, you can use Big-IP 4.5 as the primary traffic handling appliance in your network, regardless of whether you need the layer-7 capability on everything.
Features we tested in earlier versions of Big-IP devices went untested on this iteration. They included the capability of working redundantly. You can order a pair of these devices and set them up to for automatic fail-over. This ensures that your Web presence doesn’t disappear just because an appliance fails.
Much of what works so well in Big-IP is the result of F5’s new Packet Velocity ASIC. The company said this provides a dramatic performance improvement compared with older architectures.
The Packet Velocity ASIC is available on the model 2400 platform and on the larger platform, the 5100. The smallest of the three, the model 1000, uses an older architecture.
F5 representatives say that there are some significant improvements in the mill for creating iRules and for managing Big-IP. When those improvements arrive, Big-IP will be a significant resource for enterprise traffic management. Even now, Big-IP is a real plus for companies that need to optimise their network efficiency and have access to (or can train) the staff necessary to manage it.