F5 Networks Big-IP 6400 Bendigo VIC
On review we have the Big-IP 6400 LTM (Local Traffic Manager), which is delivered as a 2U rack appliance solution capable of handling a 2Gbps traffic throughput. The pair of single-core Opteron processors and DDR memory are looking dated considering the starting price but the rest of the hardware package does include dual SSL accelerator cards.
Totally Whild
0407 851021
0407 851021
PO Box 333
Golden Square, VIC
Golden Square, VIC
Your PC Matters
1300 307 970
1300 307 970
243 Dandenong Road
Windsor, VIC
Windsor, VIC
AFS & Associates Pty Ltd
(03) 5443 0344
(03) 5443 0344
61 Bull St
Bendigo, VIC
Bendigo, VIC
Technology One Ltd
(03) 9526 4300
(03) 9526 4300
Level 4, 420 St Kilda Rd
Melbourne, VIC
Melbourne, VIC
Nextdata
(03) 9017 6605
(03) 9017 6605
737 Burwood Rd
Hawthorn, VIC
Hawthorn, VIC
G-CATS Geelong Computer and Training Services
03 5229 7121
03 5229 7121
28 Fenwick Street
Geeloong, VIC
Geeloong, VIC
Latrobe University Book Shop
(03) 5444 7516
(03) 5444 7516
Latrobe University Edwards Rd
Bendigo, VIC
Bendigo, VIC
Ezy Systems Pty Ltd
(03) 5441 2044
(03) 5441 2044
17a Hopetown St
Bendigo, VIC
Bendigo, VIC
Electronics Boutique Australia
(03) 9793 8011
(03) 9793 8011
Ground Level Dandenoong Plaza Clow St
Dandenong, VIC
Dandenong, VIC
Uniware Pty Ltd
(03) 8804 0804
(03) 8804 0804
19 Walkers Rd
Nunawading, VIC
Nunawading, VIC
F5 Networks Big-IP 6400
There may a wide choice of vendors in the load balancing, or application delivery, market but F5 Networks has been a clear leader for some time now. And it's easy to see why as its Big-IP boxes offer more features that you can shake a stick at.
On review we have the Big-IP 6400 LTM (Local Traffic Manager), which is delivered as a 2U rack appliance solution capable of handling a 2Gbps traffic throughput. The pair of single-core Opteron processors and DDR memory are looking dated considering the starting price but the rest of the hardware package does include dual SSL accelerator cards.
F5 uses a multi-layered approach to traffic management as the appliance runs its proprietary TMOS kernel, which is essentially a TCP proxy and traffic inspection engine. One of the system processors is dedicated to TMOS, while the second looks after a separate Linux kernel, which provides all the management, monitoring and reporting functions. All traffic passing through the appliance is handled by F5's TMOS and, where appropriate, it will decide to use its own hardware to switch traffic but in the case of SSL traffic, for example, it will hand this over to the accelerator cards.
The appliance protects against threats such as DDoS attacks and offers tools for implementing application security. Resource cloaking stops information being leaked out that hackers may be able to use to gain information about a network, encryption can be applied selectively to protect content and the appliance can act as an authentication proxy. Other features include TCP Express - a proprietary network stack written by F5 to broker connections between hosts and applications.
We found installation in the lab a pleasantly simple affair and aided admirably by the appliance's well-designed web interface. All licensed options are displayed in a tree to the left and each one expands to show their related features. You can start by sorting out administrative access as the appliance has a dedicated port for this and then you can move onto configuring the main Gigabit network ports where you create VLANs and assign port memberships.
The Big-IP uses the common concept of grouping multiple physical servers together and presenting them as a single virtual server, where it performs load balancing across them. The process of setting these up is very simple as you create pools and add your physical servers to them as members. Next, you choose the load-balancing scheme and F5 offers no less than fifteen different methods.
Naturally, you get the standard round robin mode, which intercepts incoming requests and distributes them to each server in strict rotation. At the other end you have options including F5's unique predictive balancing, which analyses traffic to individual pool members over time and predicts future patterns to avoid any one member server becoming overloaded.
Weightings, or ratios, can be applied to pool members that will also affect load balancing. The higher a server's ratio is the more likely traffic is to be sent to it. Dynamic ratios look interesting as these are based on SNMP queries, which poll the servers, look at system utilisation and automatically reduce traffic sent to overloaded servers.
F5 goes one step beyond with its priority groups as these can be used to add extra levels of redundancy to virtual servers. If, for example, you have ten member servers, you can give five a higher group priority, which means only they will have traffic directed at them. If one fails then a server from the lower priority group will be brought in to replace it.
Virtual servers come next where you provide an IP address, decide on the type of service on offer and assign a pool to them. The HTTP profile brings in valuable traffic optimisation and acceleration capabilities, which will be very useful for slow WAN links. Along with compression, the appliance can also cache HTTP objects in memory to improve web server responses.
Layer 4 inspection can maintain persistent connections where the appliance uses source and destination IP addresses or SSL session IDs to ensure a specific client is always directed to the same server. Layer 7 inspection takes this up a level as you can use actual content to set up persistent connections along with features including application session IDs, URLs and cookies.
Universal persistence maintains a state table using any information gathered from Layer 4 through to Layer 7 inspection and employs this to maintain persistent connections. Of course, cookie based persistence is on the list and is a technology that F5 actually pioneered a number of years ago.
F5's iRules enble you to create custom policies that determine how specific traffic is handled. These can range from looking for information such as credit cards numbers in HTTP traffic and replacing them with hashes to identifying VoIP traffic, prioritising it and maybe modifying the packet contents.
Other functions could be to inspect HTTP content and based on information such as the URI, cookie or HTTP response codes, direct a host to a particular physical server. After some practise we found iRules easy enough to use and for testing we created one that inspected HTTP web mail traffic for details of our mail server software. When activated our rule simply removed the name of the software as returned allowing us to hide this information.
The web interface provides reasonably good real time statistics on appliance performance, traffic handling and load balancing but general reporting tools are thin on the ground. At present this requires integration with third party management tools such as HP OpenView. However, F5 advised it is working on an optional appliance reporting tool based on Microsoft's System Center Operations Manager.
Considering the starting price we would have expected a superior hardware specification but there's no denying the Big-IP 6400 is delivering an impressive range of load balancing and application delivery features. Reporting options are also limited but the management interface is easy to get on with making the system very simple to deploy.
On review we have the Big-IP 6400 LTM (Local Traffic Manager), which is delivered as a 2U rack appliance solution capable of handling a 2Gbps traffic throughput. The pair of single-core Opteron processors and DDR memory are looking dated considering the starting price but the rest of the hardware package does include dual SSL accelerator cards.
F5 uses a multi-layered approach to traffic management as the appliance runs its proprietary TMOS kernel, which is essentially a TCP proxy and traffic inspection engine. One of the system processors is dedicated to TMOS, while the second looks after a separate Linux kernel, which provides all the management, monitoring and reporting functions. All traffic passing through the appliance is handled by F5's TMOS and, where appropriate, it will decide to use its own hardware to switch traffic but in the case of SSL traffic, for example, it will hand this over to the accelerator cards.
The appliance protects against threats such as DDoS attacks and offers tools for implementing application security. Resource cloaking stops information being leaked out that hackers may be able to use to gain information about a network, encryption can be applied selectively to protect content and the appliance can act as an authentication proxy. Other features include TCP Express - a proprietary network stack written by F5 to broker connections between hosts and applications.
We found installation in the lab a pleasantly simple affair and aided admirably by the appliance's well-designed web interface. All licensed options are displayed in a tree to the left and each one expands to show their related features. You can start by sorting out administrative access as the appliance has a dedicated port for this and then you can move onto configuring the main Gigabit network ports where you create VLANs and assign port memberships.
The Big-IP uses the common concept of grouping multiple physical servers together and presenting them as a single virtual server, where it performs load balancing across them. The process of setting these up is very simple as you create pools and add your physical servers to them as members. Next, you choose the load-balancing scheme and F5 offers no less than fifteen different methods.
Naturally, you get the standard round robin mode, which intercepts incoming requests and distributes them to each server in strict rotation. At the other end you have options including F5's unique predictive balancing, which analyses traffic to individual pool members over time and predicts future patterns to avoid any one member server becoming overloaded.
Weightings, or ratios, can be applied to pool members that will also affect load balancing. The higher a server's ratio is the more likely traffic is to be sent to it. Dynamic ratios look interesting as these are based on SNMP queries, which poll the servers, look at system utilisation and automatically reduce traffic sent to overloaded servers.
F5 goes one step beyond with its priority groups as these can be used to add extra levels of redundancy to virtual servers. If, for example, you have ten member servers, you can give five a higher group priority, which means only they will have traffic directed at them. If one fails then a server from the lower priority group will be brought in to replace it.
Virtual servers come next where you provide an IP address, decide on the type of service on offer and assign a pool to them. The HTTP profile brings in valuable traffic optimisation and acceleration capabilities, which will be very useful for slow WAN links. Along with compression, the appliance can also cache HTTP objects in memory to improve web server responses.
Layer 4 inspection can maintain persistent connections where the appliance uses source and destination IP addresses or SSL session IDs to ensure a specific client is always directed to the same server. Layer 7 inspection takes this up a level as you can use actual content to set up persistent connections along with features including application session IDs, URLs and cookies.
Universal persistence maintains a state table using any information gathered from Layer 4 through to Layer 7 inspection and employs this to maintain persistent connections. Of course, cookie based persistence is on the list and is a technology that F5 actually pioneered a number of years ago.
F5's iRules enble you to create custom policies that determine how specific traffic is handled. These can range from looking for information such as credit cards numbers in HTTP traffic and replacing them with hashes to identifying VoIP traffic, prioritising it and maybe modifying the packet contents.
Other functions could be to inspect HTTP content and based on information such as the URI, cookie or HTTP response codes, direct a host to a particular physical server. After some practise we found iRules easy enough to use and for testing we created one that inspected HTTP web mail traffic for details of our mail server software. When activated our rule simply removed the name of the software as returned allowing us to hide this information.
The web interface provides reasonably good real time statistics on appliance performance, traffic handling and load balancing but general reporting tools are thin on the ground. At present this requires integration with third party management tools such as HP OpenView. However, F5 advised it is working on an optional appliance reporting tool based on Microsoft's System Center Operations Manager.
Considering the starting price we would have expected a superior hardware specification but there's no denying the Big-IP 6400 is delivering an impressive range of load balancing and application delivery features. Reporting options are also limited but the management interface is easy to get on with making the system very simple to deploy.
Author: Dave Mitchell