The network load-balancing (NLB) vendor landscape has consolidated down to five major players and some niche alternative vendors.
META Trend: Wide-area network services will transition toward IP VPNs (network- and edge/Internet-based). Service quality will decline due to capital and operational cuts at major carriers, accelerating the migration toward Internet-based services. Network-based quality-of-experience (QoE) tools that enable cost avoidance/savings will continue to gain interest in 2003. QoE vendors will consolidate around established compression, caching, and routing/switching leaders in 2003/04.
As with most markets, NLB product innovation comes from the more nimble and dedicated small vendors, while traditional switch vendors tend to lag in feature functionality but brag about throughput and speeds. Although most implementations can make do with the basic load-balancing feature set, attaining “infrastructure service” status requires flexibility and adaptability (see Figure 1).
Cisco is the market leader in units shipped and revenues, primarily because of its well-established relationships with enterprise customers. Cisco’s strengths are in its full lineup of four modular Content Services Switch (CSS) appliances and a Content Switching Module (CSM) blade for the Catalyst 6500. In 2003, Cisco worked on improving features in its CSM blade product, which is relatively expensive and still lags in functionality compared to the CSS line of appliances. Cisco added on-board SSL to the CSS appliance, and included valuable back-end SSL multiplexing that enables end-to-end encryption without completely sacrificing the scalability advantages of offloading SSL. Cisco also added URL rewriting, and in 2004 we expect the firm to continue to improve its depth of payload inspection and replacement functionality, which lags the general market. Two new appliance products were added to the lineup: a new low-end box (503) and a new standalone Global Site Selector box. Cisco remains somewhat behind in the total feature set but has enough functionality for most implementations. Overall, we expect Cisco’s future load-balancing development to remain pragmatic, introducing new features only when it receives significant demand from existing customers or other Cisco divisions.
F5’s recent feature development has been aimed at bridging the gap between the network and application with deep packet inspection (up to 16k beyond the header), SOAP/XML application programming interfaces (APIs), and enhanced rules to filter, switch, persist, and log activities as they pass through the box. This functionality enables a developer to tie application logic to network switching and allows the network load balancer to move up the stack toward more complex application and database load balancing. Although APIs are not unique to F5, it seems to be getting good traction with software vendors (e.g., Mercury Interactive, BEA, Oracle, IBM, Citrix, Microsoft). F5 has also published a software development toolkit and launched a developer Web site to assist enterprise application developers. Other recently introduced features include intrusion detection system (IDS) balancing, support for voice over IP (VoIP) and collaboration systems using Session Initiation Protocol (SIP), WAN link load balancing, and a new management console. F5 recently acquired uRoam and is actively integrating uRoam’s SSL VPN functionality into the Big-IP platform. This acquisition gives F5 some technical resources to advance its SSL offloading capability (e.g., certificate management, single sign-on, multiplexing). We also expect F5 to continue to focus on features that enhance application flexibility and performance, including support for emerging XML and VoIP applications. F5’s financial picture is solid, with moderate growth and profitability on more than $115 million (2003) in sales and no long-term debt.
Nortel released a new application switch architecture in 2003, resulting in significant performance improvements. Other feature improvements include denial-of-service (DoS) protection and Web services traffic management (enabling acceleration, as well as switch, persist, and load-balance decisions based on XML/SOAP content) to add to existing VPN, link, and IDS load-balancing support. The Alteon line, always very strong in SSL support, now includes integrated SSL VPN and end-to-end SSL encryption with valuable back-end SSL multiplexing (similar to Cisco). Other unique features such as intelligent P2P (peer-to-peer) application management (e.g., Kazaa, Morpheus) and bandwidth management are aimed primarily at service providers. During the next six months, we expect Nortel to add support for VoIP (SIP) load balancing and enhance its management capabilities, including a consolidated console to manage both SSL VPN and IPSec-based VPN users. As scalability continues to advance, we expect switch virtualization (i.e., multiple virtual load balancers within the same appliance box) to become more useful, particularly for service providers. Alteon switches can be virtualized now, but management is lacking until some time in 2004. Alteon offers scalable and cost-competitive products but application integration functionality is weak, though we expect a set of APIs in 2004.
Foundry is widely recognized as being very capable at building scalable Ethernet switching and routing platforms. Extending its price/performance leadership in the NLB market, Foundry doubled its product performance during 2003. Functional improvements included XML, cookie, HTTP header, and link switching, as well as enhanced DoS protection. These enhancements enabled Foundry to gain ground on rival Cisco, but it still falls short of Radware and F5 in application functionality. Users with extensive Foundry infrastructure will benefit from the recently added integration with its IronView network management console, but it is overkill to simply manage the ServerIron NLB switches. Foundry offers a good choice for users seeking low-cost high-speed switches, but it is missing key NLB functionality (e.g., on-board SSL acceleration - due in 2004).
Despite being the smallest public company in this category (roughly $50M in revenues), Radware has a strong focus on the NLB market and is relatively innovative. Radware was the first to market with link load balancing and has extensive experience with it. Other distinguishing features of the Web Server Director include bandwidth management, multigigabit DoS, and a good management console. Radware has a strong balance sheet, with $130 million in cash and no long-term debt. The firm’s biggest challenge is breaking out of its regional niche (Israel, India, Asia, and Europe) in a rapidly maturing market.
NetScaler is an innovative challenger that is gradually converting some key marquee accounts (e.g., Google, MSN) due to its scalability, DoS protection, and server acceleration. NetScaler’s original innovation was to multiplex client TCP sessions over a single session between the network load balancer and the server. Multiplexing offloads session management from servers, freeing up resources for serving content. NetScaler recently added SSL multiplexing and Gzip compression. Consequently, NetScaler can improve the scalability and performance of Web servers (typically when connection management is a large percentage of the total session load). Also added were integrated SSL VPN functionality, dynamic caching capabilities, and an XML/SOAP API for greater control by applications. Although NetScaler raised an additional $13 million in capital in January 2003, the firm is privately held and is substantially smaller than the other companies discussed here (estimated 2002 revenues of $10 million). META Group recommends that buyers conduct due diligence into the company’s financials prior to purchasing. It is unclear whether NetScaler can maintain differentiation longer term on a limited R&D budget.
Bottom Line: F5 continues to be our top pick due to its strong combination of features, innovation, and viability. Users that do not anticipate exploiting advanced functionality should stick with their preferred switch vendor.
Business Impact: Network load balancers affordably improve the adaptability, reliability, manageability, and scalability of applications.
META Group originally published this article on 14 January 2004.
(see Exhibit 1.)