F5 BIG-IP Review

Local Traffic Manager load balances our web applications, does SSL decryption, and application adjusting


What is our primary use case?

There is more than one use case. The most important is the Local Traffic Manager (LTM). We are using it to load balance our web applications, SSL decryption and application adjusting, along with some TCP features. We are also load balancing traffic between appropriate back-ends for risk. 

How has it helped my organization?

We can use it for load balancing purposes on an HA proxy software. However, hardware load balancing is the best way due to some hardware flaws for incoming traffic. We are not using CPU resources for a load balancing SSL decryption and adjusting some parameters for incoming and outgoing traffic. F-5 has a lot of appliances, which can be used for appropriate tasks, e.g., for big tasks, we can use Vipiron devices. As well, we have a lot of software blades, which can be divided into virtual clusters, multi-purposes, etc.

What is most valuable?

We are using the Big-IP, LTM, ASM, and GTM modules.

  • The Local Traffic Manager (LTM) provides a simple low balance and SSL decryption, in addition to some TCP parameters, for incoming and outgoing traffic to redirect appropriate traffic patterns to appropriate servers. 
  • We are using Application Security Manager (ASM) as a web application firewall, where there is a security signature to avoid a web level breach. 
  • We are using global traffic manager (GTM). Its main use cases is for application firewall modules, therefore we are not using it yet, but we are going to implement it for DDoS protection on some of our web services.

What needs improvement?

I would like to see F-5 implement a regular routing like in other Linux-based devices. We know the F-5 is not a router, but can be used for traffic forwarding, so it's not the same as other devices if we compare it with Citrix-based devices. It is a simple Linux-based routing software. I don't have any problems with it. However, in F-5, when we try and integrate in some complex networks, we have to use some additional routing scenarios from a Layer 3 perspective, then we have some problems. It would be great if this were fixed somehow.

We have to keep in mind features when we deploy an F-5 solution. Designing the same approach in Citrix can often be simpler. I have written syntax in F-5 which were complicated; not straightforward. For example, in a Citrix device, we have a lot of predefined patterns, and it's much simpler to implement.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We have not had issues with the stability, though we have experienced issues with the flexibility.

How is customer service and technical support?

The support of F-5 is fine. In comparison with Citrix, F-5 technical support is much better.

Which solutions did we use previously?

We previously used Citrix NetScaler

  • Citrix NetScaler SDX, which can be divided in multiple instances.
  • Citrix VPX.

What's my experience with pricing, setup cost, and licensing?

The licensing strategy for F5 is good.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email