These features are included as part of F5's Advanced Firewall Manager (AFM) package. F5 separately sells an Application Security Manager (ASM) package, which includes application inspection and intrusion detection, but we did not test this. So, the BIG-IP 10200v is best suited to end users who want to merge firewall and load balancer in one appliance. However, if you're looking for an all-in-one security device, you'll need to buy the additional ASM package.
We tested firewall performance in terms of speed and scalability (see "How We Did It" below). In some tests, the Spirent Avalanche traffic generator/analyzer offered fixed object sizes, which are useful in determining absolute maximum speeds. We also configured Avalanche to offer a mix of Web object sizes and content types just as network managers would find in production networks.
In one of the fixed-object tests, Spirent Avalanche exclusively offered 10-kbyte objects. Numerous studies have shown the average object size of all Web transactions is somewhere near that figure. If anything, that average is trending downward, driven by AJAX-heavy Web apps. And to determine the highest possible rates, we also conducted tests using 512-kbyte objects. At this size and up, the transaction overhead involved in HTTP is negligible.
Since more and more Web traffic uses encryption, we ran all the speed tests once with plaintext traffic and again with traffic encrypted using Secure Sockets Layer/Transport Layer Security (SSL/TLS) over HTTPS. We then repeated the SSL/TLS tests with decryption enabled.
In tests involving static object sizes, the F5 firewall came close to maxing out our test bed's network capacity. With 10-kbyte plaintext Web objects, the F5 firewall moved traffic at 78.630Gbps, almost saturating the 80-Gbit/s pipes between clients and servers. With 512-kbyte plaintext Web objects, the rate was 80.519Gbps. (These forwarding rates are aggregates of traffic in both directions, so it's possible to exceed 80Gbps due to TCP acknowledgements sent back from clients to servers.)
The F5 firewall moved static objects over SSL at rates that met or exceeded the capacity of the Avalanche test tool, moving 10- and 512-kbyte objects at 17.288Gbps and 20.919Gbps, respectively. Both numbers are at least 1Gbps faster than those for the Avalanche tool running back to back with no firewall inline.
The most plausible explanation for the difference is that, like all BIG-IP appliances, the 10200v is a load balancer. By performing web server health checks and distributing requests accordingly, the F5 firewall is able to distribute workloads more efficiently than clients and servers can do on their own.
In the mixed-object tests, the BIG-IP 10200v moved plaintext traffic at 37.486Gbps. That's almost 99.5% of the capacity of the Spirent Avalanche traffic generator when running the same test in a back-to-back configuration.