Performance soars, features vary
When bottlenecks knock your Web server on its back, you have three choices: Replace it with high-end hardware and hope the server is fast enough to handle the load; distribute your content to several smaller sites, each with its own Web server; or balance the traffic load across multiple mirrored servers. For most organizations, load balancing is the clear choice.
- Load-balancing software, which includes Resonate's Central Dispatch for Sun, NT and AIX, and IBM's WebSphere for Sun, NT and AIX.
- Dedicated router-based devices, which include Radware's Web Server Director, F5's Big/ip, Coyote Point's Equalizer, HydraWeb's Hydra5000 and IPivot's Intelligent Broker 4000.
- Switch-based load balancers, which include Alteon's ACEdirector 2 and HolonTech's HyperFlow 2.
Share the burdenPerformance is a key feature to look for in a load balancer. Our performance tests were not designed to stress the products to their breaking points. Rather, we set out to compare the efficiency of the nine load balancers and show the improvements you can expect to see when you add a load balancer to your site. In our tests, the nine load balancers significantly improved Web site performance. Surprisingly, F5's Big/ip improved pages-served performance by 55%, even when our test bed contained just a single Web server, suggesting that Big/ip also improved the flow of connections to the servers. With two Web servers, HydraWeb's Hydra5000 was the performance leader, providing a 200% throughput increase over a single Web server with-out load balancing. With three Web servers, Resonate's Central Dispatch led the field, providing a 330% throughput improvement. Even the slowest performer, Coyote Point's Equalizer E250, boosted Web page delivery 185% to 57 page/sec. The average speed gain for all the load balancers tested was a 236% increase. For scalability, we evaluated each product's ability to handle a large server farm directly connected to the load balancer, as well as the product's ability to dynamically test a remote Web site and connect a user to it if that site would be the best performer for that user. The software-based load balancers accept connection requests and hand the connections over to the Web server chosen in the balancing scheme. This way, the load balancer only handles the packet once.Thus, for the same processing power, a software load balancer should be able to handle roughly twice the Web service requests of a switch- or router-based device. Resonate's Central Dispatch loads an agent onto the Web server to complete the load balancer connection. IBM's WebSphere requires a loopback adapter on the Web server. You can configure Radware's Web Server Director as a router, using two interfaces to pass all packets to and from a secure network, or as a server, redirecting connections to the Web servers. If you need to scale beyond its capacity as a router, you can configure Web Server Director like a software load balancer. Similarly, you can configure IPivot's Intelligent Broker 4000 like a router, using its single interface for internal and external connections, and switch to server mode to enhance performance. As routers, F5's Big/ip and Coyote Point's Equalizer have only two interfaces, one internal and one external. This could limit their throughput when configured as routers, causing performance problems in high-bandwidth situations, such as with a T-3 connection. HydraWeb overcomes this limitation with its four-port Hydra5000 router. HydraWeb also offers an optional global load-balancing management tool called HydraHydra100. The tool provides true enterprise scalability, site-level resiliency, traffic prioritization and disaster recovery. Locally, the switch-based load balancers scale well. The switches either put Web servers on their own switched ports or cluster the servers on hubs connected to the switch with multiple connections to the WAN interfaces. HolonTech's HyperFlow 2 is a 16-port load-balancing switch. The other switch we tested, Alteon's ACEdirector 2, has eight ports for servers, and you can add another switch if you need more connections. However, neither switch supports remote Web site load balancing, while the seven other products we tested do.
Management and configurationWeb performance can change by the hour, so you need management tools that let you see how well these devices are doing their jobs and allow you to make configuration changes easily. Web administrators need to know when a server is getting close to full utilization, for example, and they need to be able to easily add another server to the farm. Configuring Central Dispatch is easy with Resonate's Web-based Java GUI. Because Central Dispatch has agents running on each server, the product allows control of balancing based on server performance. For example, you can shift load based on open connections, CPU speed and CPU utilization. Radware's Web Server Director's GUI supports NAT and several other load-balancing options. We liked the way Web Server Director allowed us to test response time for remote Web site balancing. ACEdirector 2's Web-based interface is well-designed and intuitive, although it could be a bit more responsive. One of the few drawbacks of ACEdirector is that it doesn't provide server performance history. The router-based load balancers are the hardest to configure for someone with limited Unix experience. F5's Big/ip doesn't hide its Unix core, though for routine maintenance and configurations, it's not too laborious. Coyote Point's Equalizer features a Web-based management utility that is fast but plain, giving all the necessary configuration options for load balancing. Equalizer offers innovative data tracking and plotting of historical statistics, which gives you a good idea of how traffic is spiking and when servers are being overloaded. HolonTech's HyperFlow 2 configuration and management tools were almost as intuitive as Alteon's ACEdirector 2. Like Big/ip, IBM's WebSphere required Unix knowledge for configuration. Although WebSphere doesn't have a browser-based management interface, it has a simple, polished X Windows GUI for local or remote management that can handle day-to-day configuration tasks for a large Web site. HydraWeb's Hydra5000 also requires you to configure its load balancer from a Unix command line. Fortunately, HydraWeb's standard policy includes on-site installation with each purchase. HydraWeb is in the final stages of developing a GUI, but it was not available in time for our tests. IPivot's Intelligent Broker 4000 requires a fair knowledge of Unix commands for configuration and maintenance. A Web-based interface is adequate for day-to-day management and helps you add servers to the cluster.
Keep it safeA key aspect of managing these devices is making sure they are secure against outside tampering. The dedicated router-based load balancers, which typically run on Unix platforms, offer the best security because they can be set up with access lists, port filtering and other security features. For instance, you can easily configure the devices to allow only hosts from secured addresses to connect. As with all Unix solutions, Coyote Point's Equalizer, HydraWeb's Hydra5000 and F5's Big/ip can be locked down into a secure unit with full NAT capabilities. Among the router-based devices, Big/ip stands out for its extensive packet filtering capabilities. Another major function of security is the protection of the servers. Hiding Web servers on a private network and using NAT forces users to go through the load balancer before attaching to the Web servers. Of course, this can only be done when the load balancer is acting as a router. Only IBM's WebSphere and Resonate's Central Dispatch do not perform this function. Alteon's ACEdirector 2 has all the standard security features, including NAT. However, as a Web server, ACEdirector 2 might be vulnerable. By default, ACEdirector 2 requires only a user name and password to get into the HTTP configuration utilities and is also open to remote telnet connections. Not only does HolonTech's Hyper-Flow 2 provide NAT, but it also has controls to secure the unit from all but authorized protocols and addresses. In this respect, HyperFlow 2 is like the Unix platforms, but it's configured using a browser-based GUI. Resonate's Central Dispatch and IBM's WebSphere lack the added security that NAT provides. Also, because the software-based balancers require a software agent to be installed on the Web servers and a loopback adapter to be configured, they may make some Web administrators nervous about conflicting software and possible security holes. Both packages rely on the underlying platforms to provide local security. Radware's Web Server Director and IPivot's Intelligent Broker 4000 can provide tight security for themselves and the cluster of servers they service in router mode, but not when they are acting as servers.
Getting startedMost of the products were easy to install, though the Unix-based packages were generally more complex. We had some trouble installing HolonTech's HyperFlow 2, mostly because of minor errors in the installation guide. Installing IPivot's Intelligent Broker 4000 was not a simple task. The process required a fair amount of Unix-like configuration. The documentation was adequate, although sometimes confusing. HydraWeb's standard policy is to send an engineer onsite to install and configure HydraWeb's Hydra5000. Even with the engineer, installation was lengthy and confusing. Considering that all the products we tested are relatively new, we were surprised at how well they performed and found something to like about each. In the end, Resonate's Central Dispatch scored the highest on the strength of its performance, management tools and ease of installation. With a little refining, the competition could bridge the narrow gap that separates them from our Blue Ribbon Award winner. How we did it
To evaluate the Web server load balancers, we set up a test network to simulate PC clients requesting Web pages from a Web server. We tested performance using Microsoft's Web Capacity Analysis Tool (WCAT) using its predefined ASP50 test, which retrieves a mixture of Active Server Pages and small files between 1K and 1M byte in a ratio of 50/50.
To establish a baseline for comparison, we first used six and then 12 clients, each of which simulated five Web clients, to send requests to one Microsoft Internet Information Server Web server running on a 350-MHz Pentium II with 128M bytes of RAM.
We added each load balancer to the test bed, then repeated the WCAT performance tests.
Finally, we added a second and then a third Web server to the test network and repeated the WCAT performance tests.We also evaluated each product on scalability of design, management and configuration tools, security features and ease of installation.
How we did it
Load balancing forum
Discuss load balancing with Mark Hoover, author of our article on load balancing trends.
Form follows function
Interactive buyer's guide
User study: Dense traffic drives Web-server load balancing
RFP Anderson is the Network Lab manager and James is vice president of Lab Services at LANQuest Labs, an independent test lab specializing in network quality assurance, certification and performance testing services. Anderson and James can be reached at panderson@ lanquest.com and gjames@ lanquest.com.
Don't be swayed by fancy features when a fast, scalable load balancer should be your top priority. Network World, 6/14/99.
Detailed look at which vendors have adopted which architectural approaches. Network World, 6/14/99.
Find a product that best matches your criteria, compare two or more load balancers in several categories or download a spreadsheet with all the product data.
With nearly 60 Web servers, the West Group needed load balancing quickly. See what they decided on and why. Network World Fusion, 6/14/99.
The Tolly Group prepared a sample load balancing RFP. See how vendors responded.
Form follows function
Interactive buyer's guide
User study: Dense traffic drives Web-server load balancing
Anderson is the Network Lab manager and James is vice president of Lab Services at LANQuest Labs, an independent test lab specializing in network quality assurance, certification and performance testing services. Anderson and James can be reached at panderson@ lanquest.com and gjames@ lanquest.com.