All White Papers

White Paper

Application Delivery Hardware: A Critical Component

Updated November 06, 2010

Introduction

Today's Application Delivery Controller (ADC) appliances have all evolved from the same roots: software-based load balancing. Years ago, when physical networks were still running in the 10 Mbps to 100 Mbps range, software load balancing was an acceptable solution for distribution of application and user loads in and out of the data center. As networks sped up, and applications and software platforms became more demanding, software load balancers quickly began to lag behind. In essence, the load balancers were no longer able to keep up with the applications they were balancing.

With the F5 BIG-IP and 3-DNS products, F5 delivered the industry's first truly purpose-built load balancing appliances. They were designed to ensure that applications were always secure, fast, and available; however, these early load balancing systems ran on commodity hardware. Until 2004, the combination of off-the-shelf hardware and fine-tuned, commercially available operating systems was the norm for the load balancing market.

In 2004, F5 released the world's first true ADC, moving the market away from traditional load balancers by fundamentally changing the architecture of the entire application delivery system. The first step was designing, from the ground up, the TMOS architecture-a proprietary operating system for application delivery. Over the next few years, F5 moved ADC hardware from the traditional outsourced model that used generically available hardware parts to original hardware that was built in-house. This involved designing hardware specifically for the massive amounts of application traffic managed by ADCs. With the potent combination of TMOS and custom-designed hardware, F5 created a completely isolated system that had the singular purpose of delivering mission-critical applications and managing application traffic throughout the data center.

However, the rest of the ADC market did not follow F5's lead; instead, most ADC vendors opted to outsource their hardware components, a practice that still continues today. Motherboards are typically sourced from a third-party manufacturer that has already decided which chips to use, how and where those chips are placed on the board, and how the components interact. These parts are designed for the broadest possible deployments: The motherboard, chips, and cards (NICs) can be used for application delivery, or the same components can be used in a more generic PC-such as in a Linux system running an open-source database-or any other type of network appliance.

Satisfying Customer Needs

First and foremost, F5 BIG-IP ADC hardware is driven by needs of F5 customers. Customers demand a platform that is robust, fault-tolerant, and can be deployed in a highly available configuration. Mission-critical business applications demand a reliable ADC solution that can scale beyond the applications' needs, enabling applications to grow along with business. F5 BIG-IP ADC hardware is designed and manufactured to meet customers' needs.

Consistency of System Architecture

Although F5 is most commonly referred to as a hardware company, it is actually a systems company. F5 designs and builds complete systems for application delivery, and the consistency of that design is what enables F5 to deliver solutions that outperform and outlast other ADC appliances on the market. The integration of hardware and software for a singular purpose is paramount to delivering solutions that manage the entire application delivery lifecycle-from basic delivery to advanced optimization and security-at carrier-grade performance levels and reliability.

Design consistency is also seen in the event of a failure in the field. When there is an unknown failure with any BIG-IP system, that system is returned to F5. There, it is run through the quality assurance (QA) process in which it is scrutinized and tested in order to diagnose the failure. Once the failure is analyzed and a solution is created, that solution is rolled out to all customers and can be applied across the entire product family. F5's commitment to customer satisfaction drives this circular hardware lifecycle from design to deployment to Return Materials Authorization (RMA) to redesign.

In contrast, when a different ADC vendor uses off-the-shelf, commodity systems (such as those that include integrated CPUs, NICs, and RAM) without designing and selecting the hardware and software for the system, the resulting level of architecture design and control is unpredictable. When individual components vary within the same hardware familyit becomes challenging to roll out streamlined updates to customers, which results in a continual churn process for new hardware and the software that manages it.

Hardware Certification

Many customers and industries require baseline certification for any appliance deployed in the data center. Many telecommunications carriers and service providers, for example, require Network Equipment Building System (NEBS)-certified hardware that has passed a standards-based level of operational functionality. F5 offers many NEBS-compliant, carrier-grade hardware options, such as those available for the F5 VIPRION chassis and blades.

Security certification is also a critical requirement for many customers. F5 has been a consumer as well as an active participant on many security design boards, such as various security certification working groups within ICSA Labs. F5 BIG-IP hardware appliances are currently certified by ICSA for SSL VPN and web application firewalls. Additionally, most F5 hardware products are available in Federal Information Processing Standard (FIPS)-certified models.

F5 invests more $20M annually on hardware design, QA, and testing

Built for Application Delivery

Off-the-shelf appliance hardware is designed to generally meet the many needs of a wide range of users, rather than the specific and focused demands of application delivery. Although standard CPUs are used across the industry, how those CPUs are built into the rest of the system and how they integrate with other hardware and software components is what sets F5 hardware apart from the competition.

Designing components for complete ADC systems is what F5 is all about. It's the art of our craft.
Greg Davis, VP Product Development, F5 Networks

Due to the nature of off-the-shelf products, system designers are at the mercy of a manufacturer's reference designs. This is most apparent with power consumption of individual components and how those components function with different power draws. An application-specific integrated circuit (ASIC) chip, for example, might work best processing network data at a specific voltage. Optimal functionality can vary depending on which other components are in the device, what type of application traffic the ASIC chip is processing, how the chips are physically connected to the mainboard, and other factors. Lack of uniformity in components is a challenge throughout the design process and product lifecycle, and, ultimately, it is a disservice to the customer. However, these variables aren't necessarily known to the device manufacturer that creates the reference design architecture.

By working directly with component manufacturers, F5 is able to design systems in which each component works optimally and in which micro settings, such as voltage regulators and power consumption, can be readily managed. Building application delivery hardware isn't as simple as sourcing components and writing network drivers; it's a highly involved, multi-step process that spans the entire hardware lifecycle.

F5 hardware directors and managers have an average of 15+ years of specialized experience in networking hardware.

Architecture

Any carrier-grade appliance should comprise a synergistic design of hardware and software. F5 BIG-IP hardware platforms are designed together with software, which enables complete control of all systems used to handle application traffic. In order to meet customers' high demands for application throughput, hardware from the NICs to the CPUs and bus is optimized and created as one solution. F5's deep partnerships with hardware manufacturers such as Intel and Broadcom facilitate direct access to hardware specifications and designs so that F5 can customize software for specific hardware. F5 hardware and software groups collaboratively design BIG-IP firmware for all internal hardware components, which results in a completely focused system of chips, BIOS, and traffic-management operating system. Because F5 designs comprehensive systems, it is unnecessary to force software to perform unnaturally to compensate for hardware restrictions: Hardware is programmed in conjunction with the software for optimal performance.

Mechanicals

Designing the bit-level application-delivery hardware is only one part of the manufacturing process. Other mechanical concerns, such as board layout, airflow, and resistance to environmental extremes are also critical aspects of design and manufacturing.

Programmable variable power for hardware components is an excellent example of a point where architecture and mechanical design meet. Each hardware component in BIG-IP products is designed for power management through custom software, and components are thoroughly tested through a range of power and temperature fluctuations. In contrast, generic and pre-designed boards leave the entire system at the mercy of the board designers. While modern board design is extremely efficient, it is not optimized for the unique requirements of high-speed application delivery.

Dedicated Chipsets and Firmware

F5 BIG-IP devices consist of custom field-programmable gate array (FPGA) and ASIC chipsets, which are designed in-house specifically for the needs of delivering high-speed application traffic, and for supporting features such as service offloading, low latency on the bus, and high throughput. By designing these chips in-house, they are built to deal reliably with extreme application-delivery traffic.

Commitment to Quality

At F5, quality is of key and unwavering concern. F5's commitment to quality is integral to every part of the company and can be seen in the exceptional hardware and software that is delivered to every customer. During every phase of hardware design and testing, quality is paramount. And, when a product goes to a data center, it is expected to perform at the same level achieved during testing and then run as advertised for the life of the product. Simply stated: Quality is part of the F5 culture.

The highest quality systems, such as the entire line of BIG-IP products, will meet customer needs today, will continue to meet those needs as the customer grows, and will provide longevity and investment protection throughout the product lifespan.

Design Testing and Post-Production Failure Analysis

Throughout the development process, all system design components are put through the paces of an extremely rigorous environmental stress screening (ESS) testing cycle. ESS testing is conducted on all hardware components, but that testing is typically done on individual components. For example, a motherboard might be built and tested by one manufacturer, a NIC by another, and the power supply by yet another. Although each component might pass ESS testing individually, there is no guarantee that they will all pass ESS testing when built into a complete system. Any failures of those individual components would need to be handled by the original manufacturer, resulting in production delays and increased costs.

By owning the entire design and manufacturing process, all F5 components go through ESS testing as one unified system. If there are individual failures, such as broken brackets or loose connections, those can be addressed across the entire product family at once, limiting extra design time and costs. To maintain this level of control over the hardware, it would be nearly impossible and cost-prohibitive to outsource ESS testing and the redesign phases of appliance manufacturing.

F5 BIG-IP hardware goes through a series of rigorous ESS tests, such as:

  • Vibration: The degree of chassis vibration is varied while passing application traffic through the device during a series of power cycles in order to "shake out" any issues with board design and power and data connections.
  • Thermal and air flow: The known thermal limits of hardware components and appliances are measured to discover how altering the air-flow design can prevent failure of those components and appliances.
  • User diagnostics: The impact on user experience is measured while appliances are subjected to the ESS testing.

The strict level of ESS testing doesn't stop during the design phase; it continues long through the production life cycle of every BIG-IP appliance and product family.

Conclusion

Hardware is arguably the most important component in the application-delivery stack. Whether deploying a complete hardware and software ADC solution-such as the F5 BIG-IP rack and chassis hardware devices-or deploying ADC software on more generic hardware-BIG-IP VE on VMware ESX, for example-hardware components must meet the demands of users and applications.

Part of F5's expertise is designing complete, integrated systems that effectively and reliably deliver applications and manage application and user traffic. Choosing the best components and designing, from the ground up, how those components interact, enables F5 to continue to push the ADC into new realms of capability and reliability.