The BIG-IP Application Traffic Manager is the flagship product of F5 Networks, Inc. It is designed to act as a high-availability load balancer, helping companies ensure that their applications are scalable and reliable. BIG-IP units run a variant of the BSD UNIX operating system, with proprietary software and modifications to the kernel to increase efficiency in load balancing scenarios.

The Basics of Load Balancing

BIG-IP is designed with a two-network topology in mind: the BIG-IP straddles two networks, with one "side" facing the clients, and the other facing the servers. On one network -- usually referred to as the "internal" network -- the application servers sit in private non-routable address space, physically isolated from the rest of the world with the BIG-IP as their only gateway to the outside. The other network, referred to as the "external", is the public face of BIG-IP, where clients can connect to virtual servers that are, in reality, pools of application servers hidden behind BIG-IP. More advanced configurations involving multiple networks (or single ones) are possible -- BIG-IP is a versatile product -- but this is the most common configuration.

Key Features

Failover capability
BIG-IPs are intended to be used in pairs. One unit is always active (handling traffic and making load balancing decisions) while the other waits in standby mode, ready to take over instantaneously if a fault occurs. It is possible to use BIG-IPs individually, but this creates a single point of failure in your network -- never a good idea.

Server health monitoring
This means what it says: BIG-IP can continuously poll the servers under its care to make sure that they are responding to pings and that their services are running correctly. If a server fails, BIG-IP will stop sending traffic to it, and will instead divide that server's share of the traffic among the other servers in its pool, until the server begins to respond to health checks again.

SSL Processing Offloading
With the SSL Proxy feature, BIG-IP can devote all of its spare processing power to offloading SSL encryption and decryption from your servers. BIG-IP receives an SSL connection from a client, decrypts the packets and forwards them on to the server; likewise, it encrypts the server's reply. Since the servers being load balanced sit on an isolated network behind BIG-IP, this ensures secure communication while lightening the load on your servers, and using BIG-IP's capabilities to the fullest. Having one platform for all your SSL encryption and decryption also makes certificate and key administration easier.

Hardware acceleration (BIG-IP 2400 only)
The BIG-IP 2400 Application Switch has a special Application-Specific Integrated Circuit (ASIC) intended to offload the processing of network traffic from the CPU whenever possible.

Persistence
BIG-IP can use a number of methods to ensure that incoming connections from a particular client are sent to the same server that client was previously connected to. This is vital for virtually any web application that expects input from the user or needs to exchange session information with the client. Persistence methods include simple (by IP address), SSL (by SSL session ID), active HTTP cookie insert (BIG-IP introduces a cookie into the HTTP headers exchanged by client and server, which contains the IP and port of the server the client should be reconnected to) and a number of other more esoteric methods.
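With active HTTP cookie insert, the pool member's IP and port travel in a value the client can read. The following added example (not from the original writeup or from F5) decodes the commonly documented unencrypted `BIGipServer<pool>=<ip>.<port>.0000` cookie layout so an operator can check what their own virtual servers disclose. The cookie layout, the pool name and the sample headers are assumptions that do not appear on this page.

```python
import ipaddress
import re

# Assumed layout of an unencrypted persistence cookie (not stated on this page):
#   BIGipServer<pool>=<IPv4 as little-endian decimal>.<port, byte-swapped>.0000
COOKIE_RE = re.compile(r"BIGipServer([^=;\s]+)=(\d+)\.(\d+)\.0000")


def decode_member(ip_field, port_field):
    """Return (ip, port) encoded in the two numeric cookie fields."""
    ip_int, port_int = int(ip_field), int(port_field)
    if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
        raise ValueError("field out of range for an IPv4 address or TCP port")
    # The first octet is stored in the lowest byte of the integer.
    ip = ipaddress.IPv4Address(ip_int.to_bytes(4, "little"))
    # The two bytes of the port are stored swapped.
    port = int.from_bytes(port_int.to_bytes(2, "little"), "big")
    return str(ip), port


def audit_set_cookie(header_values):
    """Report each Set-Cookie value that exposes a pool member in clear form."""
    findings = []
    for value in header_values:
        for pool, ip_field, port_field in COOKIE_RE.findall(value):
            try:
                ip, port = decode_member(ip_field, port_field)
            except ValueError:
                continue  # similar shape, but not a valid encoding
            findings.append({
                "pool": pool,
                "member": f"{ip}:{port}",
                "private": ipaddress.ip_address(ip).is_private,
            })
    return findings


# Constructed sample Set-Cookie values (pool name and numbers are made up).
SAMPLE = [
    "BIGipServerweb_pool=1677787402.36895.0000; path=/",
    "JSESSIONID=ABCDEF0123456789; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for f in audit_set_cookie(SAMPLE):
        print(f"{f['pool']}: discloses {f['member']} (private={f['private']})")
```

A non-empty result means clients can read an internal server address from the cookie.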

Packet inspection
BIG-IP has the ability to make load balancing decisions based on the contents of unencrypted packets. This lets you do things like redirect HTTP GET requests to different server pools based on their URI strings, and the like. This behavior is controlled through a scripting language called iRules.

Link aggregation
BIG-IP supports 802.3ad link aggregation for increasing throughput and reliability.

Secure Web and CLI Administration
BIG-IP administration can be performed via the system's web UI over SSL, or at a serviceable UNIX command line interface via SSH. I speak from personal experience when I say that the system's web UI is very easy to use, and the availability of the UNIX command line allows an amazing degree of flexibility in configuration, system administration and troubleshooting.

Types of BIG-IP

Server Appliances

This is BIG-IP in its purest form: the BIG-IP 520 and BIG-IP 540 are intended to act as black boxes that you put between your application servers and the rest of the network, which you use to load balance the traffic sent to those servers. The 520 and 540 platforms are more or less identical, except that the 540 comes with dual 1-GHz Pentium processors, whereas the 520 only comes with one. Both platforms are available with either copper or fiber gigabit interfaces as potential add-on options.

Application Switches

In addition to the load-balancing and high-availability features offered by the BIG-IP server appliances, F5 offers a line of BIG-IP units which also act as managed switches. This is very helpful as it combines the functions of load balancer and switch into one unit -- you just plug your application servers directly into the BIG-IP and it handles everything. This means you don't have to buy a separate switch, router or hub to handle the traffic between your BIG-IP and your application servers, thus reducing costs and increasing network efficiency. Also, you get to enjoy the flexibility and familiarity of a managed switch that runs a full UNIX OS with all that implies.

Application Switch models:

  • The BIG-IP 1000 has 8 10/100 ports and 1 gigabit fiber port. It has a 1.26 GHz processor.
  • The BIG-IP 2000 has 16 10/100 ports and 2 gigabit fiber ports. It has a 1 GHz processor.
  • The BIG-IP 2400 has 16 10/100 ports and 2 gigabit fiber ports. It has a 1.26 GHz processor and also features the Packet Velocity ASIC for hardware acceleration of network traffic processing.
  • The BIG-IP 5000 has 24 10/100 ports and 4 gigabit fiber ports, as well as dual 1 GHz processors.
  • The BIG-IP 5100 is the same as the 5000, but with dual 1.26 GHz processors instead.
  • The BIG-IP 5110 -- Same as 5100, but with copper GNICs instead of fiber and dual 1.26 GHz processors.

References: My own experience as an F5 network support engineer, plus a few tidbits I had to look up in the BIG-IP Reference Guide.