2008-03-24

NetScaler versus Big-IP Bake-off

Introduction


I spent several days with the Citrix NetScaler and F5 Big-IP. I have used Big-IPs in the past, although it was the 4.x software version which is much different than the current 9.x version. This gave me a small advantage with the Big-IP initially. I've administered Cisco devices also, and the NetScaler CLI felt a lot like Cisco IOS, so initially I think both were equally comfortable to administer. When all you need is to be able to create a virtual IP and balance traffic to your back-end servers, both products can do the job easily and for the most part have equal features in that category. I think the Big-IP has the advantage of being able to use iRules to do things at the edge of the site that we may or may not need now, but would be a nice-to-have for future configurations. F5 also has a useful user community site (DevCentral) and Knowledgebase (Ask F5). Citrix has user forums too, but they didn't seem nearly as informative. Most of their site seems to be focused on Xen.

Load Balancer Observations


The NetScaler uses a Java-applet-driven GUI which is mostly nice, but using Firefox and Apple's JRE introduces some quirky display issues. Sometimes the page is totally blank and you need to refresh, which usually kicks you out and makes you log back in.

The Big-IP GUI is driven by JSP pages and felt "quicker" when navigating through different sections.

The NetScaler interface is very easy to navigate and finding things is simple.

The NetScaler Dashboard looks nicer and has some useful info. I wish there was a way to drop more graphs on the page.

The embedded Help sections on the F5 are very convenient.

The PDF documentation for the NetScaler is well written and easy to follow. It would have been nice to see some of the info embedded in the interface like the F5 has.

The Big-IP graphs are actually more informative in my opinion. Being able to see connections in real-time is a real plus.

I like the fact that the Big-IP is running a Linux kernel (albeit an old one) and has GNU tools. Makes it easier to administer for a Linux SysAdmin. Also, the documentation is in man pages, so if you want to know everything you need to know about creating a new virtual server, it's as simple as typing 'man virtual'.


The other advantage of a GNU/Linux environment is that you can actually use sed to do things like globally replace a string in your config file to quickly and easily change something site-wide.

There is a good example of how this is useful. I had to change the self IP address of the external interface and make it internal, but it was not obvious through the GUI or even through bigpipe. Editing the bigip_base.conf file was super easy though.
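The site-wide replace described above, as an added example that is not from the original post: a plain `sed 's/10.1.1.5/.../g'` treats each dot as a wildcard and also rewrites 10.1.1.50, so this version escapes and anchors the address and keeps a backup for review. The function names, addresses and sample config are constructed for illustration and are not actual bigip_base.conf content.

```shell
#!/bin/sh
# Added example. The sample below is constructed; it is NOT real Big-IP config syntax.

# make_sample FILE: write a constructed config with look-alike addresses.
make_sample() {
    cat > "$1" <<'EOF'
self 10.1.1.5 {
   vlan external
}
self 10.1.1.50 {
   vlan internal
}
pool 110.1.1.5 10.1.1.5 10.1.1.5
EOF
}

# replace_ip FILE OLD NEW: swap one IPv4 literal for another, keeping FILE.bak.
replace_ip() {
    file=$1 old=$2 new=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ "$old" != "$new" ] || { echo "old and new are identical" >&2; return 1; }
    # Escape the dots so "10.1.1.5" cannot match "10x1y1z5".
    old_re=$(printf '%s' "$old" | sed 's/\./\\./g')
    # Keep the original so the change can be reviewed and rolled back.
    cp -p "$file" "$file.bak" || return 1
    # Require a non-address character (or a line edge) on both sides so that
    # 10.1.1.50 and 110.1.1.5 are left alone. The :a/ta loop re-runs the
    # substitution to catch neighbours that share a single delimiter.
    sed -E -e ':a' \
        -e "s/(^|[^0-9.])${old_re}([^0-9.]|\$)/\\1${new}\\2/" \
        -e 'ta' "$file.bak" > "$file" || return 1
    # Print the change for review; diff exits 1 when files differ, which is expected.
    diff -u "$file.bak" "$file" || true
}

# Demo on the constructed sample.
tmp=$(mktemp)
make_sample "$tmp"
replace_ip "$tmp" 10.1.1.5 192.168.1.5
rm -f "$tmp" "$tmp.bak"
```

Reviewing the printed diff before reloading the configuration is what catches an over-broad match.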

The CLI on the NetScaler (as mentioned above) feels very IOS-like and was pretty easy to go from a Cisco device, to a Foundry device, to the NetScaler without having to think about what you're doing. The Big-IP uses "bp" commands that take a little getting used to, but after an hour of repetition it's equally easy to administer on the command-line. The built-in documentation (man pages, natch) on the Big-IP is very useful. The NetScaler does the IOS "tab-tab" thing to assist when you've lost your way.

The multiple Gigabit interfaces on the Big-IP would be useful for internally used clustered Web apps that need to be on separate subnets. I don't think we're there yet, but it would be nice to have that option.

The NetScaler has a remote web logging feature that is extremely easy to set up. You install an agent on your logging host via RPM and then enable remote logging on the NetScaler and it's done. The Big-IP can probably handle logging via an iRule; however, we didn't get to that question when their system engineer was out last time and searching on DevCentral didn't pull up anything readily.

It was simple to configure Cacti graphs on the Big-IP; there was even a how-to on F5's site. The graphs allow you to monitor connections per second per virtual server (try doing that on the Foundry). The SNMP MIBs are readily available within both the Big-IP and NetScaler GUI.

Both products offer an API solution so we can write custom applications that can interface with the load balancers. The NetScaler offers this within their GUI, along with the documentation. F5 offers its API called iControl, along with an SDK, both freely available on their site. There's also an iRules editor (Windows only) that is like an IDE for iRules. It's very useful for quickly writing complex iRules from scratch and has a built-in syntax checker. Both APIs use standard XML / SOAP. The NetScaler provides a few examples in different languages to get you started, but F5's community is again useful in providing a dynamic forum where more than just examples are posted.
