Test Center guide: Load balancers and Web accelerators

Barracuda, Citrix, Coyote Point, F5, Kemp, and Zeus offerings stretch from no-frills appliances with basic load balancing to kitchen-sink solutions with rule-based traffic management, application security, and application performance optimizations; here's how to pick 'em, based on our tests 

Whether you call them application delivery controllers, application accelerators, application traffic managers, or just load balancers, the solutions for scaling out Web sites and improving the performance of Web applications have come a long way from their humble beginnings. The result is a great deal of choice in the marketplace, from bare-bones appliances with basic functionality to high-capacity switch-based systems that handle Web traffic in wildly sophisticated ways.

In its simplest form, a load balancer is a device that sends TCP/IP requests to more than one host, creating a cluster of servers that all present the same Web site. In fact, basic load balancing can be accomplished by adding multiple IP addresses to a host entry in the domain name service (DNS) system. However, doing this creates a blind round-robin system that will send the next request to the next IP address, whether that IP address actually has a working server on it or not and regardless of whether or not that server is the best server to handle the next request.

Most advances in load-balancing technology have been aimed at ensuring that requests go to a server in the group best able to handle a request. Various algorithms decide which server gets the next request: the server loaded with the fewest connections, or the one responding fastest to a ping, for example. Vendors also offer proprietary algorithms and even agents to run on each server to provide more granular and accurate information on how heavily loaded each server might be.

The process of determining whether servers are available has also grown more complex and precise, from the basic TCP/IP ping to checking whether the server has a responsive network connection to checking whether a particular service (be it an HTTP daemon or a back-end SQL server) is running and returning a proper response to a query.
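
The difference between blind round-robin, a least-connections algorithm, and layered health checks can be shown in a few lines of Python. This is an added example, not code from any of the reviewed products; the Pool class, the "/" check path, and the expected "OK" response body are assumptions made for illustration.

```python
import http.client
import socket

def tcp_check(host, port, timeout=1.0):
    """Shallow check: is anything accepting connections on the port?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_check(host, port, path="/", expect=b"OK", timeout=1.0):
    """Deep check: does the service return a proper response to a query?"""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status == 200 and expect in resp.read()
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def layered_check(backend):
    """A backend stays in rotation only if both levels pass."""
    return tcp_check(*backend) and http_check(*backend)

class Pool:
    """Hypothetical server pool; backends are (host, port) tuples."""
    def __init__(self, backends, check=layered_check):
        self.backends = list(backends)
        self.active = dict.fromkeys(self.backends, 0)  # open connections each
        self.check = check
        self._next = 0

    def blind_round_robin(self):
        """Multi-address DNS behaviour: next address, working or not."""
        backend = self.backends[self._next % len(self.backends)]
        self._next += 1
        return backend

    def least_connections(self):
        """Healthy backend with the fewest open connections, or None."""
        healthy = [b for b in self.backends if self.check(b)]
        return min(healthy, key=lambda b: self.active[b]) if healthy else None
```

A server whose port is open but whose application returns an error passes tcp_check and fails http_check, which is why the deeper check matters for keeping broken servers out of rotation.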

From the early systems that were built on PCs with two Ethernet cards, load balancers have evolved to include up to 24 switched Ethernet ports and custom ASICs running routing rules at gigabit wire-speed. Other systems add protection for Web servers and other types of application servers, guarding against buffer overflows, denial of service, and other hacker attacks. Still others add the ability to route incoming traffic to specialized clusters of Web servers depending on the needs of the customer, so that e-commerce requests go to one cluster while video viewing is done on another. Finally, a more recent trend is to add Web acceleration technologies, including HTTP compression, caching, and consolidation of TCP/IP requests from hundreds to a few.

The bigger question is whether you want all of these capabilities in the same box as your load balancer, when you may very well already have another box that does the same thing. SSL termination is a common addition because it simplifies load balancing. WAN optimization is also a good fit, considering that functionality needs to be outside the firewall along with the load balancer, and the right kinds of optimization can really improve the user experience, which is one of the main goals of load balancers. Other features such as firewalls, anti-spam, and site-to-site acceleration are less obviously a good fit. These are things that might be better done with separate boxes.

Software, appliance, or switch
Load balancers can be divided into two general categories: software- or appliance-based systems (running on Linux or Windows and Intel- or AMD-based hardware), and switch-based systems that make use of proprietary operating systems and hardware.

The software- or appliance-based systems are easy to add functionality to, but they are limited in throughput, since they rely on the two to four network interfaces installed in the appliance. Switch-based load balancers often have 24 or more ports, and offer gigabit or higher performance on every port. In the last few years, switch-based products have come to offer the same kinds of extended functionality as appliances, including support for e-commerce, additional security features, network acceleration, geographic load balancing, and more.

Once owned by software-based solutions, the low end of the market is in flux. First, the added cost of hardware on Linux- or Windows-based appliances is offset by the dramatically reduced time to configure the system. Second, the entire "commodity" category is getting smaller as time goes by – the ready availability of ASICs (Application-Specific Integrated Circuits) means that switch-based load balancers can be inexpensively made. As prices of switch-based load balancers have dropped, and more organizations have started delivering Web-based applications both internally over high-speed connections and externally over slow Internet links, switch-based products are coming to dominate the market. However, appliances offer a low starting cost, are easily expanded with SSL acceleration boards and other add-ons, and still have a place, especially for organizations with no need for multiple gigabit ports.

If you want to spend the time, you can create your own load balancer from an existing Windows server and WSLB (Windows Server Load Balancing) software, or from a server with Linux installed by adding IPVS (IP Virtual Server) or BalanceNG load balancing software. However, unless you’re paid a lot less than the average admin, the time you spend configuring the Linux server and the IPVS software will more than offset the cost of a small appliance, some of which are available for less than $2,000 including the hardware.

The vendors and offerings
Appliance vendors include Barracuda Networks, Kemp Technologies, and Zeus Technology. Coyote Point Systems, which was on the appliance side for a long time, now sells switch-based systems and offers some of the least expensive switch-based products available, still with good functionality.

Switch-based vendors include Array Networks, Cisco, Citrix (NetScaler), Foundry, F5 Networks, and Juniper Networks, though Juniper announced in January that it is discontinuing its product line (DX systems will no longer be available after July 24, 2008). These vendors provide high levels of functionality aimed at serving Web sites that are scalable and highly available.

Beyond the basic parceling out of requests to groups of servers, some load balancers also use several different methods to speed up responses to requests or to compress traffic, lessening utilization of bandwidth. One of the main optimization techniques is to group what would otherwise be anywhere from a few to more than 100 TCP sessions into one, using TCP session multiplexing or TCP session consolidation, depending on the vendor. Because the overhead of starting a session is fairly large, and some Web browsers can start dozens or even hundreds of TCP sessions to display a single page, multiplexing and session consolidation can improve performance substantially.

F5, Juniper, Citrix, and Zeus offer similar kinds of compression and acceleration technologies, which Barracuda, Coyote Point, and Kemp don’t offer. F5 has outstanding ease of use, even better than Juniper, which has some very easy-to-use automation technologies that make it simple to secure a Web site by moving to SSL without recoding the site itself. F5 also offers an application security gateway, which none of the others do, although many users may already have this capability in a standalone appliance. F5 has added Web application acceleration since our last review was completed. Citrix offers the greatest variety of acceleration technologies, with Juniper a close second and Zeus not far behind, although the Zeus box is not as easy to use. Barracuda and Kemp offer good basic systems at very low prices, starting at less than $2,000, while Coyote Point has an excellent higher-capacity system that still costs much less than the F5, Juniper, Citrix, and Zeus offerings with all the bells and whistles.

All the systems can perform the basic load-balancing tasks of creating virtual clusters and directing traffic based on content or type of traffic. All will work for creating a sophisticated e-commerce application or SSL-based corporate portal. Acceleration is very much a “your mileage may vary” kind of application: The type of Web server, whether TCP/IP session persistence is enabled, and the types of content being served will all have major impacts on the effectiveness of acceleration techniques.

In most cases, the Internet link will be saturated before the capabilities of any of these systems are reached, unless your Internet link supports gigabit or higher speeds. What can make a difference is the number of rules used to route traffic. If you’re planning on applying a large number of rules to handle traffic based on IP address and other parameters (“if the IP address is in this range, and the connection is HTTPS, then send the traffic to these servers”), then the faster processing engines of the F5, Juniper, and Citrix systems can make a difference.

How the products stack up
There’s a wide range of capabilities and prices represented here, from the inexpensive but functional Barracuda and Kemp products, to the Coyote Point and Zeus boxes in the middle, to the high-end systems from Citrix and F5. Barracuda and Kemp offer bare-bones load balancing functionality in Intel-based appliances at rock-bottom prices. Coyote Point and Zeus combine good functionality and good value for the price. And Citrix and F5 offer all the functionality anyone could want, but at premium prices.

At the three tiers, Barracuda, Coyote Point, and Citrix offer the best bang for the buck. Barracuda, Kemp, and Zeus are excellent places to start if you’re just looking for fault tolerance and scalability of a basic Web site. F5 stands out from the crowd with superb ease of use, and its programmability and available extra features will make even sophisticated e-commerce sites or corporate application delivery sites easy to create. The Juniper DX line has been discontinued, which goes to show that even excellent products don’t always survive. For a quick, feature-by-feature comparison of all the products, see the table, "Load balancers and Web accelerators compared."

Barracuda Load Balancer 340 Version 2.1.033
Good 7.6
Bottom Line: The Barracuda Load Balancer is a good choice for any organization looking for a low-cost way to move from a single Web server to a Web farm. It has a good basic feature set, including cookie persistence, SSL offloading, and intrusion prevention capabilities. It's not as sophisticated -- or as expensive -- as some competing products.

Citrix NetScaler 8.0
Very Good 8.6
Bottom Line: NetScaler 8.0 offers a very sophisticated suite of load balancing, Web application acceleration, Web application firewall, security, and logging features, at a good price. The system is easy to configure, yet offers the power to create a secure site that gives great response times and reduces loads on Web servers.

Coyote Point Equalizer E550si
Very Good 8.6
Bottom Line: The Equalizer E550si offers a big jump in performance over the previous model at about the same price. With 20 gigabit Ethernet ports, an unlimited number of clusters, and support for more than 8 million simultaneous users, the E550si can support large commercial Web sites with ease, as well as internal Web-based applications that need higher bandwidth.

F5 Networks BIG-IP 6800
Very Good 8.5
Bottom Line: The BIG-IP 6800 is an extremely capable load balancer and Web application optimization engine. It should be scalable enough for even the largest Web application, and offers a depth and breadth of features difficult to equal. Functions such as application firewalling and global load balancing come at additional cost.

Juniper DX3680 v. 5.2
Excellent 8.7
Bottom Line: The DX3680 is an example of the adage "you get what you pay for." It's a very capable 2U appliance that not only creates clusters of Web servers but also adds SSL encryption, user authentication, and protection against hacker attacks. All of this is done transparently without having to rewrite HTML code on the Web servers. The application rules functionality provides powerful customization capabilities as well.

Kemp Load Master 1500 Version 4.1-33
Good 7.7
Bottom Line: Although initial setup is a bit of a pain, the wide variety of preset options in the Kemp Load Master make configuring persistence or sophisticated health checks easier than usual. The GUI is clear and easy to navigate, and drop-down menus handle functions that require creating scripts or custom rules in other products. The Load Master goes a step beyond the Barracuda at a slightly higher price.

Zeus ZXTM 7000 4.0r1
Very Good 8.4
Bottom Line: The ZXTM 7000 offers a wide variety of features beyond the standard load balancing, and it’s easily expanded as needed. Although not quite as powerful or polished as competitors such as the BIG-IP, it is nevertheless easy to set up and manage, and it can be scaled by clustering up to 64 units.

How I tested
To test the performance of each product, I set up several servers with the same Web site (a demo version of an e-commerce site) and created a virtual cluster with those servers in it. The servers varied in processor number and power. I then used an Ixia 400T traffic generator and Aptixia IxLoad software to simulate a large number of users accessing the Web site, and compared the loads generated on each server. I then enabled features such as SSL sessions, Web acceleration, and application security, and attempted to overload the load balancer by simulating many simultaneous users.

Testing the Web application acceleration features of the products is more problematic. The greatest improvements in delivery of pages from the Web servers will occur when the server is heavily loaded (or would be heavily loaded if the load balancer weren’t present). The type of content being delivered also makes a big difference – static HTML pages will see big improvements while dynamic pages using .ASP, CGI, Java, or other application servers may not seem much faster. The performance of the server delivering the application will be the gating factor rather than network performance.