Microsoft's Azure Application Gateway is a platform-managed, scalable, and highly available application delivery controller as a service with integrated web application firewall.
N/A
F5 BIG-IP Local Traffic Manager (LTM)
Score 8.9 out of 10
N/A
F5 states that the "brain" of the BIG-IP platform, Local Traffic Manager (LTM) intelligently manages network traffic so applications are always fast, available, and secure.
The best practice for a cloud environment is to use the tools provided by the cloud provider. That's why for Azure cloud, Azure Application Gateway is the most cost-effective solution that you can use. You can use a single Azure Application Gateway instance for load balancing WAF, URL-based routing, and more.
There was a need to have the DR environment to be available actively but not to send the traffic unless the production is down The F5 BIG-IP Local Traffic Manager (LTM) priority feature helped achieving it. It was well suited in handling the HTTP headers using polices and iRules. It was less appropriate from the application security perspective in the current version. But after attending the AppWorld 2024, I see a lot of ways to protect the network and the application with several features.
Uploading images by multiple end-users from several applications like web, mobile, etc.
When there is a high volume of data requests, it helps to queue them based on the type of request. So it's easy to serve and reduce the loading time from the application layer.
An application gateway is useful when it can identify the type of details the user is requesting.
Sure. It does load balancing fantastically. I mean, it's an industry standard product for that. We also use it for TLS offload for applications. Those are the two main use cases for that. We do also use some of the I rules for traffic filtering. We've used that in some of the external facing services. It does a really nice job with that. It's a little bit complicated sometimes and some of the Cipher Suite stuff is interesting.
Some of the stuff you have to dive into the CLI to really use, I'm going to reach back to the previous employer for this. So I had a much greater degree of involvement with it at that point in time for, I was the crypto guy at the company and I had to design all the cipher suites that we actually implemented on our front end banking products. So in order to do that, I had to dive into it, download all the Cipher suites, figure out the actual order of operation for them, how they were selected because I wanted to design the Cipher Suites to actually provide a specific customer experience for the types of connections that our customers were likely to initiate. Getting at that information was a giant PITA. It was poorly documented at the time. I'm not sure if it's documented any better now. Every time the software changed or got upgraded, made your version, I'd have to do it all over again because the upgrades to the stack, which looked like it was based on open SSL, but it was heavily modified with a different syntax. Oh yay. That's fun too. So I had to write giant documents describing all of the ciphers that I was designing for this because it just kept changing all the time. So I didn't care for that aspect of it. Traffic management does a great job for that.
F5 has always been one of the best products we have in the data center. We had few issues with the BUG and Code upgrades but the main use cases for F5 was always top notch. From High availability to Globally load balancing applications across multiple data centers and muti cloud environments.
Most of the Application Gateway's features and services can be managed and re-configured via either the Azure Portal GUI or via the Azure Cloud Shell, thus allowing both CLI modes, i.e. Azure CLI (Bash) and Azure Powershell. The v2 version of Application Gateway has significantly improved performance during initial configuration or during re-configuration changes, thus making it much more usable for IT admins, as compared to v1.
F5 BIG-IP Local Traffic Manager is a very good product. It is used in our company widely. So far we are very happy with the product. Esspecially on the load balancing and TLS encryption and Traffic redirecting based on HTTP path and http query. iRules is very easy to use as well.
HAProxy is an excellent load balancer that can also be used in cloud environments (and we do!), and is relied by hyper-large enterprises globally as well. However, HAProxy is a little bit more rudimentary in feature space, it does the core job well and securely, but doesn't provide any fancy additional features. Also, it takes more effort to deploy HAProxy than simply using an in-built feature in the Azure stack.
Obviously NetScaler, because we had that functionality, we just turned it on. We were only using it for our Citrix farms and we migrated all of our F5 uses over to the NetScalers. So simply because that was, other than buying the product, which the actual NetScaler themselves were cheap. I mean it cost us like $60,000 for all of them for the hardware. We were already licensed for it, so it was a no-brainer. We didn't have a choice. Definitely a superior product. A lot more functionality, particularly in corner cases where you might need to make some specific traffic tweaks. I would say that the NetScaler doesn't do nearly as good a job with that traffic filtering. You only really get URI filtering with NetScaler. You don't have the flexibility, the eye rolls or the complexity of the eye rolls, so that's a negative too.
We use these for 600+ applications and we are able to manage all of them remotely and provide security across every application in one single platform.
We are able to provide an amazing customer experience load balancing across multiple nodes and this increases traffic on our websites and ultimately increases orders and traffic.
