Shulou(Shulou.com)05/31 Report--

This article will explain in detail the comparison and application deployment characteristics of F5 and RADWARE. The content of the article is of high quality, so the editor will share it with you for reference. I hope you will have some understanding of the relevant knowledge after reading this article.

F5 and Radware should be the best two companies in the field of load balancing. These two products are closely integrated with applications to better meet the actual needs in terms of function. In particular, Radware has continuously introduced new products and new functions in the past two years, and its market share has been increasing. What is the specific difference between these two products? What are the characteristics in the actual application deployment? Let's do an understanding and understanding in the following blog post, just for this exchange.

I. hardware architecture

All the products of Radware have ASIC chip, its platform design adopts Switch architecture, and ASIC chip, NP processor (to speed up the processing of session information), CPU and so on are all integrated on the switch board, so the performance is more outstanding.

Only some products of F5 have ASIC chip (bigip2400/3400/6400/6800) installed on the switch board, and there is only one ASIC chip in the equipment. For more than 8400 middle and high-end products, ASIC can run at full speed, but there are many requirements for equipment work. In addition, the NP processor is not available in F5 products.

Note: ASIC (application specific integrated circuit) obtains higher processing power by solidifying instruction or computing logic into the chip, so it has the advantage of performance and is widely used in a variety of security products.

II. Software architecture

In Radware devices, the ODS architecture is now used. This new architecture can be seamlessly upgraded with the development of user business. For example, when the ODS equipment you have purchased cannot meet the demand, you do not need to replace the hardware equipment or interrupt the business operation, you only need to purchase the software License to upgrade the throughput of the existing equipment seamlessly (ODS1/ODS2 can be upgraded to 4GbpsOS3 up to 16Gbps). Because there is no need to replace the hardware equipment when upgrading the expansion, the complicated operations such as design, testing, reinstallation, deployment and troubleshooting are avoided, and the high cost and time required for system upgrade are greatly reduced.

In F5 BIGIP devices, there are three operating systems, among which Host OS is mainly responsible for system management, such as Web page management, server health check and SNMP. TMM microkernel is mainly used to deal with business traffic. TMM Micro Kernel directly controls PVA, switch chip, CPU and memory to ensure the highest priority execution of business traffic. SCCP mainly implements out-of-band management of the system, with independent PowerPC CPU, memory and storage media. SCCP makes the system manageable under all circumstances.

Third, security

Radware products use a proprietary operating system, built-in SynApps application security module, this module can protect servers, firewalls or routers and other resources, from more than 1600 types of attacks, such as DOS, DDOS, BUF and so on. In the actual user test, the Radware product can intercept the DOS/DDOS/SYN*** of 800Mbps without affecting the access of normal users.

F5 V9 version uses the Redhat Linux operating system. The 3DNS currently on sale uses the SynCookie*** defense method provided by BSDi,F5 is relatively simple. BigIP only provides simple application layers such as worm protection, and is vulnerable to hackers because of the vulnerabilities and hidden dangers of the system itself. The new BIG-IP ASM 9.4.2 application security component is available, but requires users to purchase software modules or stand-alone devices. The BIG-IP ASM module components are available on 6400, 6800, 8400 and 8800 BIG-IP hardware platforms, and the stand-alone ASM 9.4.2 is available on F5 4100 hardware platforms. On the other hand, F5 products only have a simple DOS/DDOS/SYN*** defense capability, which is relatively weak for the security protection of applications.

IV. Configuration and deployment

1. Routing function: if you need RIP or OSPF routing function, it is recommended to choose Radware products, because the LC of F5 does not support these routing protocols, and users need to purchase additional routing modules to run these routing protocols, which is bound to affect performance.

2. End-to-end proximity judgment: the end-to-end proximity judgment of Radware has great advantages. Users care about the speed when accessing network resources. Radware can dynamically choose the "fastest" link, not just according to the load or through the Hash algorithm. Radware does outperform F5 at this point.

3. Health check: Radware uses the "Advanced Health Check Monitoring" module to carry out a variety of health checks, and can also do full-path health checks to ensure that the whole link is healthy and available. F5 realizes advanced health examination through Script, which is more complicated to use. Radware defines these as small health check modules in advance, and then combines advanced operations such as "and" OR to achieve full-path health check according to the needs of the actual user application.

4. Radware adopts the industry standard RFC 2338 VRRP redundancy protocol, while F5 BIGIP adopts non-standard redundancy mechanism (mainly serial heartbeat and network heartbeat to achieve redundant switching). Its so-called millisecond switching reaches this level only when the device is powered off. In the redundancy mechanism of F5 BIGIP, there is a deficiency in the mechanism of redundant device detection based on each vlan. It must take 30 seconds to find a problem with the traffic of a vlan, and the state between the two devices can be switched.

5, ease of use: all the functions of Radware in the configuration interface have been graphical, and the operation is relatively simple and convenient. The configuration of F5 is relatively complex, and its Irules tools must require users to have programming foundation and write complex scripts by hand, which causes inconvenience to users' operation and maintenance.

6. Upgrade: Radware AppDirector can upgrade to a device with AppDirector-Global function for a small price, and complete local and global load balancing at the same time. On the other hand, F5 BIGIP needs to pay extra to purchase 3DNS/GTM software modules to complete local and global load balancing at the same time.

This is the end of the comparison and application deployment characteristics of F5 and RADWARE. I hope the above content can be helpful to you and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.