BIG-IP 1500 Global Traffic Manager

It's not cheap, but this load balancing appliance with global traffic management capabilities is easy to use and has the extras you'll want.

April 25, 2006


F5 Networks' Big-IP Global Traffic Manager, the successor to F5's 3DNS, has been rearchitected on its TMOS platform and offers a DNS management tool, support for IPv6 networks, and an array of new application health monitoring options. GTM isn't about balancing load between servers, though it could be used to do so. Its purpose is to distribute requests across data centers through DNS-based global load balancing. It decides which site to direct traffic to based on a variety of application, client and network conditions, with the goal of providing continuous availability and optimal response times.

Claim: The Big-IP Global Traffic Manager 1500 is designed to provide a simple and cost-effective way to distribute end-user application requests according to business policies, and data center and network conditions to ensure the highest possible availability.

Context: F5 currently competes with Cisco, Foundry, Juniper and Nortel in the global load-balancing arena.

Credibility: F5 continues to innovate and widen the gap between itself and its competitors by providing technology that sorts traffic using a wide variety of parameters, but deeper packet inspection comes at a price and more options yield higher complexity of configuration.

F5 Networks Big-IP GTM 1500, starts at $26,990

GTM is available as a standalone appliance as well as a software module on other F5 switch platforms, including the Big-IP 1500, 3400, 6400, 6800 and 8400. But it's no small-fry, sporting four 10/100/1000-Mbps ports and two SFP GBICs.

GTM's primary purpose is to resolve DNS queries, and it does so based not only on standard zone records, but also on a wide variety of current network and application conditions. Because GTM uses the TMOS architecture, it can inspect DNS requests using iRules and subsequently direct traffic to the appropriate data center or server based on information gleaned from client requests, such as geographic location, time of day and IP address. Because GTM can persist client state, it ensures availability and continuity of transactions in the event of an outage, even if an entire data center is lost, making it a useful component in disaster-recovery plans or a way to provide better response times to clients over the public network.

Tests of GTM's direct DNS query capabilities using a simple round-robin algorithm showed GTM capable of almost 20,000 responses per second over a 70-second period in which more than 1.4 million requests were sent to GTM. We know from tests of other TMOS-based products that performance is likely to degrade somewhat if iRules assist traffic direction. There's always a price to pay for flexibility. In addition to the simple round-robin algorithm, application maintenance windows (time-based schedules), high network latency, poor application response times, and the geographic proximity of client and data center can all be configured as part of the selective resolution process.

Management Options

To manage DNS zone files, GTM includes ZoneRunner. It provides a secure environment and reduces administrative overhead by validating and error checking zone entries. A Web-based management interface also provides rudimentary policy management, letting you roll back the last transaction in the event of a problem, providing automatic reverse lookups, and importing zones from an external server or file for easy migration. Admins who prefer a command-line interface won't be disappointed as all ZoneRunner functions can be performed over its CLI.

The number of app-specific health monitors has been increased with GTM's move to its new chassis. Included is support for SIP, Oracle, LDAP, and MySQL. Going beyond simple ping checks or content verification, you can create composite monitors to verify the entire application stack--from database to application server--before GTM will declare the application available. This functionality isn't in competing products, such as those from Citrix and Foundry, and offers an additional level of monitoring. It's also handy in pinpointing why a particular app may be unavailable or performing poorly. An admin can easily see all the components and their status without first figuring out which database or app server an application may be using.
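A minimal model of the composite-monitor behaviour described above, combined with round-robin resolution across data centers, as an added example (it is not F5 code, iRules syntax or GTM configuration). The class names, probe callables and documentation-range addresses are assumptions constructed for illustration; a site with a failed or erroring probe, or with no probes at all, is treated as unavailable.

```python
from dataclasses import dataclass

@dataclass
class DataCenter:
    name: str
    address: str        # constructed documentation-range address
    components: dict    # component name -> probe callable returning True/False

    def composite_status(self):
        """Run every component probe; a probe that raises counts as down."""
        results = {}
        for comp, probe in self.components.items():
            try:
                results[comp] = bool(probe())
            except Exception:
                results[comp] = False
        return results

    def available(self):
        # Fail closed: every layer of the stack must pass, and a site
        # with no monitors configured is never declared available.
        status = self.composite_status()
        return bool(status) and all(status.values())

class Resolver:
    """Round-robin over sites, skipping any whose composite monitor fails."""
    def __init__(self, sites):
        self.sites = sites
        self._next = 0

    def resolve(self):
        n = len(self.sites)
        for i in range(n):
            site = self.sites[(self._next + i) % n]
            if site.available():
                self._next = (self._next + i + 1) % n
                return site.address
        return None     # no site has a fully healthy stack

    def failing_components(self):
        # Per-site view of which layer is down, for troubleshooting.
        return {s.name: [c for c, ok in s.composite_status().items() if not ok]
                for s in self.sites}

def demo():
    state = {"east-db": True}   # constructed toggle standing in for a real probe
    east = DataCenter("east", "192.0.2.10",
                      {"app": lambda: True, "db": lambda: state["east-db"]})
    west = DataCenter("west", "198.51.100.10",
                      {"app": lambda: True, "db": lambda: True})
    r = Resolver([east, west])
    healthy = [r.resolve() for _ in range(4)]
    state["east-db"] = False    # database layer fails in one data center
    degraded = [r.resolve() for _ in range(3)]
    return healthy, degraded, r.failing_components()
```
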

This composite monitoring functionality also is helpful to admins who need to manage the availability of services within an SOA, as a single service may be composed of multiple services--and not all of them in the same physical location. Although F5 is touting this as a huge benefit, it's unlikely you'll need this now or in the next year. But it is on the horizon, and if you're looking to invest in a long-term global load-balancing solution with an eye toward managing the complexity of SOA, GTM would appear to be a good fit. It won't come without a cost, however, as admins must map and understand the application inter-relationships before creating composite monitors, an ongoing process as applications morph and change over time.

The hardware comes with a push-button transmission to set the IP address and, as is typical with products from F5, Juniper, Foundry and Cisco, provides SSH access to its CLI. The SCCP (Switch Card Control Processor) interface is separate from the management interface, providing the expected lights-out management capabilities required of an enterprise device.

Smooth Start

Big-IP provides an Apache Tomcat server that enables a Web interface (HTTPS) supporting IE and Firefox, which makes it all seem easy. The Web interface takes quite a few steps to get set up, but like the extra steps required of GSLB products from Nortel, Foundry, and Cisco, it shows strength in the number of configurable parameters and the continuing trend toward reuse of "objects" within configurations, such as pools, URI resources and IP addresses. GTM's Web interface is much the same as that found in other Big-IPs, which are years ahead of anything Nortel offers. As GTM can be purchased as an add-on module for other F5 products, it must--and does--fit seamlessly into their respective user interfaces.

Just when we thought we'd exhausted this 19-pound heavyweight, we noticed this device can also filter packets to enhance network security. We set it to discard all unhandled packets and then explicitly allowed packets by MAC address, IP address and VLAN assignment, and all went smoothly. More explicit rules can be built using regular expressions and protocols as well as distinctive hosts, networks and ports.

Sean Doherty is a contributing editor to Network Computing. Write to him at [email protected].
