A10 AX2000 Load Balancer Review
Posted by Sam
We've been using a Kemp load balancer for a bit over a year now. At the time we purchased the Kemp we weren't pushing that much traffic and the Kemp was an OK replacement for the Cisco LocalDirector that it replaced. However, our needs grew more quickly than we expected and the Kemp just couldn't keep up. When it was only pushing L4 traffic it was fine, but once we started pushing L7 traffic it just couldn't keep up. The CPU would spike to 100% and the load balancer would stop passing traffic until it caught it's breath. Usually only a few seconds but that's a lifetime for a website. The Kemp had other things that I didn't really like once I dug deeper. For example there was no way to setup a second server to only get traffic when the primary went down. You could set the weighting really high but it was still hacky. The interface also had it's quirks. Sometimes you could set a label on a VIP and sometimes you couldn't. I didn't feel confident that another Kemp would serve us well with our increased requirements. So I started researching other load balancers.
I'd never heard of A10 until I read this article on selective source NATing. I prefer to use the load balancer as the gateway in what's often called routed mode. This works great for everything except being able to hit the VIP on the same subnet. Selective source NATing lets me use routed mode, keep the client IP addresses and still be able to hit the VIP locally. This is really useful when you have one site that needs to call another site or for monitoring. You can hit the VIP and keep the benefits of load balancing the servers.
Another thing I like about the A10 is that they don't have licensing fees. Once you own the box you own all of the features that the software has. F5 and most of the other big vendors charge you a licensing fee to "unlock" additional features. They also don't require a license key like the Kemp does.
So far the A10 has been extremely fast. It's a quad CPU box and I've never seen the dedicated data CPUs rise about 2-3%. The A10 has other features that you'd expect such as caching, compression and SSL offloading. I'm not too concerned with any of those features yet, but so far the A10 nails the basics. I expect to be able to use caching and compression without any CPU congestion.
There are a couple of nitpicks with the A10 such as the web interface could use some usability tweaks and a quick start guide would be nice. Also, looking through the aFlex rules it looks like you can't override which server traffic goes to if you are using server persistence. I understand the logic but it's very possible that you might want to offload static files to a very fast web server while serving dynamic content from an app server for example. If I'm reading the aFlex guide correctly this isn't possible.
A couple of features I'd like to see are the ability to limit traffic based on bandwidth. This can be done through the firewall but it would be nice if it was integrated into the load balancer. The other thing I'd like to see are combined bandwidth and connections graphs. The A10 shows one graph per VIP. It would be really nice to see one graph with all the VIPs so you could see all the traffic with one graph instead of switching among perhaps a dozen or more individual graphs. This can be accomplished with something that monitors the A10 via SNMP but it would be nice to have it in the web interface. And last on my wish list would be some sort of application firewall. This might be possible with aFlex rules but writing a decent set of rules from scratch would be a pretty big task. At least a basic set of rules would be helpful (assuming the aFlex rules would work for that).
All in all I'm pretty happy with the A10. It's solid and fast. A few more features and nothing in it's price range could touch the A10. If you have any specific questions feel free to leave them in the comments.
Tags: loadbalancer
Comments
Be the first to leave a comment.