Looking Forward Through the Rearview Mirror
Growing up, I always admired the fancy convertible sports cars that were popular at the time. I can still recall seeing the Aston Martin DB5 used by James Bond in Goldfinger which was released in 1964. I would imagine myself driving in that car with its classic long lines and performance. Another car that I would see on the road was the 1958 Corvette. It was a masterpiece of styling and performance. I still dream of owning one of those classic cars and being able to drive it on the open road and feel its power and handling.
The funny thing is that even though those cars were state of the art and outperformed almost all of the cars in their class during the time, if you were to compare them to a modern vehicle, you might be surprised. The 1958 Corvette weighed almost 3000 pounds, had 290 horsepower and a top speed of 132 miles per hour. The performance numbers of the 1964 Aston Martin DB5 are not far off. What was state of the art then is average today. For comparison, a typical modern sedan, the 2012 Nissan Maxima has 290 horsepower and an approximate top speed of 135 miles per hour. It is almost identical in performance and actually handles better due to advancements in car technology. The top commercial sports cars built today far surpass these performance metrics. They can go from 0-60 mph in less than 3 seconds (twice as fast as the 1958 Corvette) and have top speeds surpassing 250 miles per hour!
Proxies Old and New
When application proxies were first created and implemented, they were a cool technology because they allowed people to manipulate and inspect the traffic for an application before the application servers had to process the information. Most often, they were implemented within a firewall or security policy to make sure that the content was appropriate. Unfortunately, because the application proxy was acting as an intermediate application server, there were multiple issues. If the application protocol was updated, the proxy needed to be updated as well, to understand the changes. Often, the proxy would create errors when going to certain websites or handling some requests. Also, since the application proxy was interpreting the protocol and content of the traffic, it had to have the proper security policies applied to it. It was not uncommon for hackers to compromise the application proxy or the server it resided on.
Today, when I raise the topic of 'application proxy' with people, they usually think of those software-based application proxies that resided on general purpose server hardware and shared those resources with other applications. By today's standards, this model of an application proxy is slow, hard to manage and has the potential to break the application if it does not understand changes in the communications and protocols as they evolve.
At F5, we promote the fact that the BIG-IP products are able to act as an application proxy. This is not the same type of application proxy that I just described. F5 has created purpose-built hardware to maximize the benefits and performance of the BIG-IP architecture. F5’s TMOS is the underlying system that runs on this hardware and is designed to extract all the benefits within the hardware design. The F5 solution can act as an application proxy performing many content inspection and traffic steering functions that one would want to optimize their network and data center environment.
The system is designed to fully proxy Layer 4 TCP connections, terminating the incoming TCP session and establishing a corresponding new TCP session on the backside. Within TMOS, F5 has enhanced the standard TCP stack to reflect the traffic patterns that are seen nowadays. F5 has created TCP Express, a series of features implemented in their TCP/IP stack. These enhancements optimize the performance of each end of the connection by manipulating the buffers, window sizes, and other metrics based on latency, dropped packets and other traffic characteristics. This is especially important in the Communications Service Provider network where the connections from mobile devices are limited by the characteristics of the wireless access network. Latency is high and limited packet loss is acceptable and even expected in the wireless environment. Those mobile devices are often connecting to resources on the Internet where latency is low and there is no expected packet loss. In the traditional client-server model, the TCP connection must negotiate to the lowest common denominator and usually provide a less than optimal experience. By being positioned in the network path, the F5 solution is able to optimize each portion of the TCP connection independently and maximize the network performance and ultimately, the user experience.
Another very important benefit is that since the BIG-IP is designed to be a full Layer 7 application proxy is that TMOS has the ability to optimize the application in-flight. HTTP traffic can be optimized by offloading HTTP compression to dedicated hardware, repetitive content can be cached, and TCP connections can be multiplexed using F5’s OneConnect. Traffic can be inspected and directed based on content. Rules can be created to support legacy TCP stacks and application implementations using F5's iRules.
I still like the concept and design of that 1958 Corvette, but I do not think I would actually want to own one if I had to drive it every day. I prefer a modern version of the vision behind the sports convertibles. They have the style I want, but with the upgrades available to make them much more capable than the original car. While it is nice to think of a technology as a fixed concept, it is important to realize that innovations are continuously made to improve on the technology, making it better, faster and more reliable. The application proxy today is no longer the product that I grew up with. I may reminisce about the original proxies, but I am glad that advancements have made it possible for F5 to evolve the technology to what it is today within the BIG-IP platform.