F5 Fires Back On Open Source SSL Accelerator

Random Feature writes "In response to Build an Open Source SSL Accelerator, in which o3 magazine detailed how to build a solution comparable to an F5 BIG-IP 6900 on the cheap, F5 Fires Back claiming it's not as cheap as it appears and pointing out the potential performance implications of a 'cobbled together set of components designed to mimic similar functionality.' The discussion on the performance of the Open Source solution based on Opteron RSA operation processing capabilities brings into question the validity of the 'more SSL TPS for cheaper' argument presented by o3."

Re:Common response

[222]

With all due respect, load balancing SSL isn't exactly rocket science. It serves a fairly straight-forward purpose. Hell, I did something like this with an Apache box serving as a reverse proxy to an internal web server; my setup isn't designed to accommodate the load discussed in this article, but it does just that. Connections from the outside are secure between my Apache box and the outside world, and my internal web server doesn't worry about a thing.

The Apache reverse proxy was more of a security measure, but SSL offload is just an added benefit.

Of course I could produce something similar

[russg]

Let me first state that I over see a large deployment of F5 systems and I have compared commercial offerings in this space many times over the years. I have a deep understanding of the tools available and see the work product every day.

Both articles are great for debate. Showing that FOSS and tools available could produce a solution that resembles a commercial product is wonderful in promoting the power and breadth of FOSS. F5's response is good but also a bit disappointing as I find they have much more than is covered in their response.

I'm honestly surprised that F5 responded at all as there's really no comparison between the solutions for real world work loads and support. First and foremost is the thought that these are only load-balancers. The term used most appropriately today is "ADC" (Application Delivery Controller). The reason is that they not only perform load-balancing but reverse proxy cache, compression, acceleration, tuning, and in-stream logic decisions.

F5's products allow you to create profiles for services that are reusable and easy to maintain. You can deliver new configurations in minutes. They also work with the major application vendors to produce proper configurations that you can use out of the box. iRules (TCL) is an awesome tool directly integrated into the product that as F5's tag line says, "With iRules you can". Even with all of the this power and robust tools you will see little or no impact on high performance applications.

F5 also offers the community DevCentral which, in my opinion, gives back to the community in a proper FOSS style.

I won't even go into the underlying architecture such as the TMM kernel and separate management kernel.

F5's article does state one thing very clear and I would want to emphasis it. Humans cost far more over time than capitol expenditures.

I believe that F5 has taken FOSS to proper pedestal in the industry. If anyone thought for one second that FOSS was toys and not to be considered for serious work loads then F5 proves them wrong. Cisco has been trying to chase F5 for years and are still nowhere near them. F5 systems are my swiss-army knife of networking and I'm proud to purchase and use them from my FOSS background but also know they save my butt every day.