F5 Networks has introduced virtual clustered multiprocessing (vCMP), a technology that it says brings true virtualization to application delivery controllers for the first time. The announcement was made Monday at Interop 2011 in Las Vegas, a UBM TechWeb event.
Running on its high-end Viprion platform, vCMP can run multiple virtual instances of the BIG-IP, F5's popular line of load balancers and offload devices. F5 is also launching an enterprise version of the Viprion itself, a product line that was initially aimed at large service providers.
F5 said it believes that cloud computing and enterprise mobility are driving demand for the services that the BIG-IP can offer, such as traffic management, access control, and SSL, TCP, and XML acceleration. The company's big differentiator is dedicated hardware. "We've invested a lot in building complete system architecture, with an engineering team for hardware and software that works together," said product manager Michael Krasnow in an interview. That means custom ASICs and FPGAs, as well as the F5 software and dedicated silicon such as SSL chips from Cavium Networks.
The downside of this reliance on hardware is that it makes the system hard to virtualize--simulate it in software and you lose the speed boost, give applications direct access to the silicon, and you risk instability. For this reason, the virtualization previously offered by F5 was really just multi-tasking: Only one instance of the F5 OS ran, meaning that a badly behaved application could still crash the switch. "We can run in VMWare, but commodity hardware and a commodity hypervisor don't scale to the kind of performance we need," said Krasnow. "The Viprion is an order of magnitude faster."
New hardware support means that F5 can now offer true virtualization, with multiple instances of the OS all accessing a private partition. For example, different instances of the F5 OS can be given their own capacity on the Cavium silicon, ensuring that they still get the sandboxing benefits of virtualization without sacrificing the performance boost of dedicated hardware. The principle is similar to the hardware extensions that Intel and AMD added to processors a few years ago, which spurred the massive boom in server virtualization.
F5 says that this will let different enterprise departments use different functionality within the box, or even run different versions of the F5 OS if they are on different upgrade cycles or use different maintenance windows. However, virtualization support is only included in the F5 OS from version 11 onwards, so all departments will have to upgrade to at least that version. Both the updated OS and the new Viprion 2400 itself will be available in June.
The Viprion 2400 is based on the same underlying platform as F5's existing Viprion box, but scaled down in cost, size, and performance to target enterprises rather than carriers. A 4U chassis with four slots, customers can start out with one blade and add the other three as needs increase. Blades are hot-swappable, with the built-in virtualization automatically reallocating capacity if a new blade is added or an existing one fails or is removed. Because application delivery controllers can be used for different things, throughput depends on how deeply it is looking inside each packet.
Fully loaded with four blades, the Viprion 2400 can handle 160 Gbps at Layer 4, a figure that drops to 72 Gbps at Layer 7. List price is $59,995 for each blade plus $9,995 for the bare chassis. The 2400's blades are not interchangeable with the existing Viprion, as the existing model uses physically larger blades due to its higher capacity and has a feature set customized for service providers rather than enterprises.
In the long term, F5 thinks that its devices are ideally positioned to take on more functions, easing the load on servers and switches. "We have strategic points of control where we can apply security, management, and optimization," said Krasnow.
Of course, other vendors are also pushing for their own hardware or software to take greater responsibility, but F5 thinks it still has an advantage over switch and server vendors because of its existing features. "While a router may see packets, it doesn't see application flows and it can't be an application firewall; we're looking at Layer 7 rather than just packets," he said. "A server only sees traffic destined for it."