F5 Networks’ BIG-IP systems are network load balancers, critical components of busy Web farms that let administrators deploy fleets of servers to accommodate growing transaction volumes. The new version 4.5 of BIG-IP 520 Server Appliance is powerful and flexible, and on that basis alone, would be a worthy addition to any high-throughput transaction system. But what sets BIG-IP apart is a free SDK called Internet Control Architecture, or iControl, that lets applications exploit each load balancer’s onboard intelligence, thereby increasing overall efficiency.
F5 offers a bewildering array of BIG-IP systems; the 520 is a mid-range solution. Good luck trying to figure out its product line without talking to a consultant.
Although load balancers are best known for parallelizing Web servers, the BIG-IP can distribute traffic between most IP devices, including firewalls, caches, DNS providers, or other transaction servers. The load balancer uses VLANs to define secure zones for the balanced servers; digital certificates limit access to those resources by authorized users and administrators.
|
At a Glance |
|
| BIG-IP 520 Server Appliance 4.5 | |
|---|---|
| Rating |  |
| Company | F5 Networks |
| URL | www.f5.com |
| Price | $16,550 |
| Pros | Easy to set up and administer, and offers very flexible load-balancing options; iControl SDK gives applications real-time control of load balancing. |
| Cons | Administrators need to understand networking, servers, and their applications; F5 product line is varied and complex. |
The security features of the BIG-IP are generally impressive. For example, F5 has a feature it calls iRules, which inspects incoming service requests for malicious behavior. While iRules doesn’t turn the BIG-IP server into a firewall, it does present another layer of security for detecting attacks and discarding bad data that might confuse or harm a Web server. For sites worried about a single point of failure, the 520 also supports fail-over if a second load balancer is on the network.
For anyone with a solid background of Ethernet and IP networking—and a thorough understanding of his or her own network—the BIG-IP 520 is pretty easy to set up using a browser, keyboard and monitor, a telnet or SSH session, or even a serial-port console. I used the Web interface to configure a VLAN with three Web servers: a single-CPU 800MHz Pentium III box, a dual-processor 2GHz Xeon server, and a single-processor 2.2GHz Xeon system—each running Windows 2000 Server and the same Web site code atop IIS.
Configuring the BIG-IP 520 to distribute the load between the three servers was fast and easy: The entire process, from initial configuration to active load-balancing, took under two hours, excluding the time spent building out the Web servers themselves. Of course, the initial active load-balancing treated the servers identically, which meant that the big dual-processor system was allocated the same workload as the little Pentium III server. That’s sub-optimal, but it’s just a start. Fortunately, a wealth of dynamic tuning options were available, though it took some time to get the load balancer tweaked correctly. Patience—and a thorough understanding of networking, server hardware, and your application software—is essential.
IControl SDK
Where BIG-IP systems really stand out is in iControl. Version 4.5 of the SDK contains CORBA-based Java and C++ API calls for programmers to incorporate into applications. You can also use SOAP messages to communicate with the server. Essentially, applications can control the BIG-IP server, instructing it to perform such tasks as dynamically adding or deleting servers from the load-balanced network, changing how service requests are allocated, and querying the BIG-IP system to build reports. While you can perform these tasks manually, the real advantages are in constructing server applications that can automatically fine-tune the load balancer depending on real-time usage and resource availability.
Figure 1 [click for larger image] F5’s newest version 4.5 of the BIG-IP 520 load-balancing appliance is a handy 2U, with dual 10/100 network interfaces and the option for gigabit support. |
I worked with the SOAP-based API on a Windows 2000 system using Visual Basic and the SOAP 1.1 toolkit. iControl includes all the necessary WSDL (Web Services Description Language) files—it’s a clean implementation of the specifications. There are six modules in the API, and many specific interfaces. For example, the ITCMGlobalLB lets programmers work with the topology and servers on the BIG-IP server, while ITCMNetworking controls the server’s Ethernet ports and VLAN configuration in real time.
For my tests, I wrote a .Net application that used SOAP to query the 520’s transaction distribution, and was able to successfully monitor the status of each of the load-balanced servers every minute—the refresh interval I chose to code. The iControl APIs were relatively straightforward to use, and shouldn’t present any difficulty to an experienced programmer; the fact that they can be accessed via Java, C++, or Web services makes it likely that you’ll already have the programming talent on-staff to customize these modules. Whether you’ll want to is another question; in most cases, ordinary static management of the load balancer should prove more than sufficient. For tricky cases, or when there’s a need for dynamic programmatic management, the option is available. Also, not only is the documentation excellent, but the SDK is offered free of charge, without runtime licenses.
Of course, not every data center needs load balancing or this level of software-based fine-tuning. But for a busy hosting environment or high-volume enterprise Web or server farm, the BIG-IP 520 can genuinely improve network scalability, efficiency, and responsiveness.
Alan Zeichick (www.camdenassociates.com) is principal technology analyst at Camden Associates.
