
Netscaler vs F5 vs Cisco ACE

Zartanasaurus Member Posts: 2,008
Don't have experience with any of these. We are looking at probably purchasing one. I don't think our requirements are very huge, just curious if any TE members have opinions on them.
Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%

Comments

  • lordy Member Posts: 632
    I have been working with F5s and find them pretty neat.
    Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
    Goal for 2014: RHCA
    Goal for 2015: CCDP
  • DevilWAH Member Posts: 2,997
    I was working with F5 in some very large installations. Very easy to work with as they are laid out nicely and logically. After playing with others, they are definitely the ones to beat.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.
  • mayhem87 Member Posts: 73
    I do troubleshooting on F5s almost weekly and must say they are pretty easy to work on. Have tons of flexibility with iRules. They also have their problems as well, though. Been having lots of trouble with version 11; however, they have a couple of hotfixes out which are clearing up some of the bugs. Another is I really hate how the UCS file won't load if the bigip_base.cfg doesn't match the VLANs. Have been burned on that multiple times.
  • ChooseLife Member Posts: 941
    Of the three, I've worked with F5 and have had positive experience.
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

  • AlexNguyen Member Posts: 358
    We're using NetScaler because we're a big Citrix customer.
    Google for "Citrix NetScaler vs F5 Big IP".
    Knowledge has no value if it is not shared.
    Knowledge can cure ignorance, but intelligence cannot cure stupidity.
  • unclerico Member Posts: 237
    We use NetScaler and I'd take it or leave it.
    Preparing for CCIE Written
  • santaowns Member Posts: 366
    As I work in OPS in a large company, we get the calls most of the time when there are issues. I have yet to take a call on one of our F5s but have had 1 call on our NetScaler and many calls with ACE issues. If that helps.
  • Zartanasaurus Member Posts: 2,008
    santaowns wrote:
    As I work in OPS in a large company, we get the calls most of the time when there are issues. I have yet to take a call on one of our F5s but have had 1 call on our NetScaler and many calls with ACE issues. If that helps.
    That's great, thanks. We ended up going with the NetScaler.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5 42.8%
  • bettsy584 Member Posts: 69
    I have some exposure to both (more NS), but I prefer NetScaler. I guess it comes down to requirements; then you can make a decision based on the service you are looking to use an ADC for...

    The concepts on both units are very similar from a pure networking standpoint.

    NetScaler has Subnet IPs for backend server connectivity, Big-IPs have Self IPs. When I was learning F5 I already knew NetScaler and it was a case of mapping the terminology.
  • apr911 Member Posts: 380
    I've worked with all 3 and find the F5 the easiest and most intuitive.

    The ACE is EOS/EOL and has been for some time. It's 100% command line driven and it's all done in Cisco MPF. Unless you spend a lot of time writing MPF policies on Cisco firewalls (which no one really does), I don't really recommend it. It's a lot like trying to program your own load balancer; you have to "match" traffic then send it somewhere and if you want to do "complex" you may be processing the same traffic multiple times (i.e. to offload SSL, you have to catch the encrypted traffic, send it to the SSL processor, then catch the decrypted traffic and decide what to do with it).

    The ACE, being EOS/EOL, does not have support for newer features like SNI for multiple SSL certificates on a single IP, and many of the SSL ciphers are probably deprecated.

    If you want to go Cisco for your LB, I'd recommend the CSS before the ACE, but both are EOS/EOL and will have no further support. Cisco does not currently have a branded load balancing product. There was speculation that Cisco was preparing to buy F5 when they killed off the CSS and ACE but it never materialized. Although F5 has had a valuation that has remained relatively steady between $5-7.5 billion, which is well within Cisco's means to buy, it seems unlikely to ever materialize. Cisco is now partnered with Citrix and sells the NetScaler.



    The NetScaler is Citrix's load balancing product. It's a solid device with ongoing support but I found the interface to be quite kludgy. It has been 2 years since I've worked with it so they may have fixed it, but when I last used it, the GUI was almost entirely Java-based and doing anything on the device required loading a different Java applet. They may have gone in a different direction given attempts to stamp out Java in the last year or so, but the Java applets were slow to load, slow to run and in a fast-paced "down" issue, there is nothing worse than having to wait for different applets to load up so that you can check the pool, the monitor and the VIP.

    The NetScaler has a CLI but it's intended more as a recovery console than a full-fledged CLI.


    The F5 has one of the more intuitive interfaces around. It is entirely configurable from CLI and GUI and once you get the hang of it, you'll easily see the parallels between how things are done in the GUI vs CLI. The device also has a lot of advanced features and its use of TCL for iRules makes it a really expansible platform on which to build.

    Under the hood, the device is basically running a proprietary shell and microkernel for traffic handling, which means your Linux admin can just as easily jump on the box as your network admin. A lot of places I've worked with have leveraged this ability to do things like set up custom SNMP traps or have the device email when certain events happen. I've even written several Bash scripts that do different things on the device.

    The F5's biggest failing is the price. They've been working on this with new licensing models but it's still one of the pricier options around. The F5 is the industry leader in the Application Delivery space at the current time; their device is the most fleshed out, stable and widely deployed.


    Unmentioned in your question is A10 Networks. A10 is an up-and-comer. It has all the functionality of the F5 and then some, at a fraction of the cost. They're still the new kids on the block but everything I've seen indicates they are likely to be an extremely competitive alternative to the F5. In many ways, I already consider them the most viable alternate to F5; they just haven't reached the scale yet to be a true contender and at <$500 million in valuation, they are a ripe acquisition target for some of the bigger players (Cisco, F5, etc).

    Also unmentioned is the Brocade ADX. I won't go into detail about the ADX product line beyond saying that unless you want a load balancer that has been duct-taped on top of a routing platform then I'd avoid it. My experience with the ADX product line is also 2 years old now and it's my understanding they've fixed a fair number of the bugs, but stability can still be an issue, its interface is confusing (both the GUI and CLI) and many of the features that have been promised continue to be delayed or cause issues. It's been my experience that the ADX is the cheapest of the lot, though I'd argue for good reason, and since it's part of the larger Brocade organization, it's unlikely to go anywhere anytime soon. Brocade is unlikely to be bought out and they're unlikely to kill it as it doesn't cost them much to develop the software/hardware as it's a fork off their routing platform and the product line is bought in quantity by IT managers looking to save a buck on CapEx, which really just shifts that cost center to OpEx instead (additional time configuring, troubleshooting and downtime all fall under OpEx) such that the total cost of ownership is the same or more; I'd rather spend $75 on CapEx and $25 on OpEx for $100 total than to spend $25 on CapEx and $75 on OpEx, but businesses rarely look at it that way. This is especially true if the application doesn't have to be stable in the first place (i.e. beta apps, internal apps or other non-revenue producing applications).
    Currently Working On: Openstack
    2020 Goals: AWS/Azure/GCP Certifications, F5 CSE Cloud, SCRUM, CISSP-ISSMP