F5 Networks Big-IP 6400

The hardware package could be more generous, but the Big-IP 6400 is a classy load balancing solution that's hot on network security and generally easy to configure, while F5's iRules offer plenty of customisation opportunities.

There may a wide choice of vendors in the load balancing, or application delivery, market but F5 Networks has been a clear leader for some time now. And it's easy to see why as its Big-IP boxes offer more features that you can shake a stick at.

On review we have the Big-IP 6400 LTM (Local Traffic Manager), which is delivered as a 2U rack appliance solution capable of handling a 2Gbps traffic throughput. The pair of single-core Opteron processors and DDR memory are looking dated considering the starting price but the rest of the hardware package does include dual SSL accelerator cards.

F5 uses a multi-layered approach to traffic management as the appliance runs its proprietary TMOS kernel, which is essentially a TCP proxy and traffic inspection engine. One of the system processors is dedicated to TMOS, while the second looks after a separate Linux kernel, which provides all the management, monitoring and reporting functions. All traffic passing through the appliance is handled by F5's TMOS and, where appropriate, it will decide to use its own hardware to switch traffic but in the case of SSL traffic, for example, it will hand this over to the accelerator cards.

The appliance protects against threats such as DDoS attacks and offers tools for implementing application security. Resource cloaking stops information being leaked out that hackers may be able to use to gain information about a network, encryption can be applied selectively to protect content and the appliance can act as an authentication proxy. Other features include TCP Express - a proprietary network stack written by F5 to broker connections between hosts and applications.

We found installation in the lab a pleasantly simple affair and aided admirably by the appliance's well-designed web interface. All licensed options are displayed in a tree to the left and each one expands to show their related features. You can start by sorting out administrative access as the appliance has a dedicated port for this and then you can move onto configuring the main Gigabit network ports where you create VLANs and assign port memberships.

The Big-IP uses the common concept of grouping multiple physical servers together and presenting them as a single virtual server, where it performs load balancing across them. The process of setting these up is very simple as you create pools and add your physical servers to them as members. Next, you choose the load-balancing scheme and F5 offers no less than fifteen different methods.

Naturally, you get the standard round robin mode, which intercepts incoming requests and distributes them to each server in strict rotation. At the other end you have options including F5's unique predictive balancing, which analyses traffic to individual pool members over time and predicts future patterns to avoid any one member server becoming overloaded.

Weightings, or ratios, can be applied to pool members that will also affect load balancing. The higher a server's ratio is the more likely traffic is to be sent to it. Dynamic ratios look interesting as these are based on SNMP queries, which poll the servers, look at system utilisation and automatically reduce traffic sent to overloaded servers.

F5 goes one step beyond with its priority groups as these can be used to add extra levels of redundancy to virtual servers. If, for example, you have ten member servers, you can give five a higher group priority, which means only they will have traffic directed at them. If one fails then a server from the lower priority group will be brought in to replace it.

Virtual servers come next where you provide an IP address, decide on the type of service on offer and assign a pool to them. The HTTP profile brings in valuable traffic optimisation and acceleration capabilities, which will be very useful for slow WAN links. Along with compression, the appliance can also cache HTTP objects in memory to improve web server responses.

Layer 4 inspection can maintain persistent connections where the appliance uses source and destination IP addresses or SSL session IDs to ensure a specific client is always directed to the same server. Layer 7 inspection takes this up a level as you can use actual content to set up persistent connections along with features including application session IDs, URLs and cookies.

Universal persistence maintains a state table using any information gathered from Layer 4 through to Layer 7 inspection and employs this to maintain persistent connections. Of course, cookie based persistence is on the list and is a technology that F5 actually pioneered a number of years ago.

F5's iRules enble you to create custom policies that determine how specific traffic is handled. These can range from looking for information such as credit cards numbers in HTTP traffic and replacing them with hashes to identifying VoIP traffic, prioritising it and maybe modifying the packet contents.

Other functions could be to inspect HTTP content and based on information such as the URI, cookie or HTTP response codes, direct a host to a particular physical server. After some practise we found iRules easy enough to use and for testing we created one that inspected HTTP web mail traffic for details of our mail server software. When activated our rule simply removed the name of the software as returned allowing us to hide this information.

The web interface provides reasonably good real time statistics on appliance performance, traffic handling and load balancing but general reporting tools are thin on the ground. At present this requires integration with third party management tools such as HP OpenView. However, F5 advised it is working on an optional appliance reporting tool based on Microsoft's System Center Operations Manager.

Considering the starting price we would have expected a superior hardware specification but there's no denying the Big-IP 6400 is delivering an impressive range of load balancing and application delivery features. Reporting options are also limited but the management interface is easy to get on with making the system very simple to deploy.

Verdict

The hardware package could be more generous, but the Big-IP 6400 is a classy load balancing solution that's hot on network security and generally easy to configure, while F5's iRules offer plenty of customisation opportunities.

2U rack chassis 2 x 1.6GHz AMD Opteron 242 processors 4GB 400MHz PC3200 DDR memory 512MB CompactFlash card F5 PVA-2 ASIC load balancer 80GB IDE hard disk 2 x Cavium Nitrox XL PCI SSL accelerator cards 16 x Gigabit (1000BaseT) 4 x Gigabit SFPs 10/100 management port Serial port USB port 2 x hot-swap power supplies CLI and web browser management

Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.