Why do so many security and networking products ship as appliances? Raw performance is a consideration, certainly. But convenience is arguably more important. With an appliance, I can simply rack a box, cable it, IP it and I’m good to go (usually).
To preserve this perception of the perfect turnkey solution, many vendors are reluctant to reveal what’s ‘under the hood.’ Too often, if you ask an appliance sales person or marketing guy what type or class of processor is used, they either won’t know, or will try to side step the question by telling you it doesn’t matter. (Or worse, they’ll tell you they have some proprietary, secret sauce ASIC). Then they’ll add that all you should care about is the appliance specs. Trust us!
That may hold for some networking solutions, but for next-generation load balancers (Gartner calls these application delivery controllers, or ADCs) the CPU matters. A lot! ADC workloads are very CPU intensive. Not so much for plain vanilla L4 load balancing. It’s the more advanced features like application firewall inspection, content switching, data compression, small packet processing, etc. that tax an appliance’s CPU. That’s why it’s really important to find out what you’re buying – especially if you’re evaluating $100,000+ appliances.
If you compare the latest CPUs, Intel smokes AMD. That assertion shouldn’t be controversial, but I’ll let others take up that religious war. Next question: what class of Intel processor?
Intel is pushing wider/faster I/O buses, integrated memory controllers and, of course, more cores. (What wonderful things 32 nm geometries bring. Intel recently announced availability of its Xeon 5600. http://www.intel.com/pressroom/archive/releases/2010/20100316comp_sm.htm#story
With Intel, networking appliance vendors can now get 6 cores per CPU package, bringing 50%+ increase in ADC capacity and performance. You won’t always see it reflected in a vendor’s data sheet, but when you stress the appliance in the real world the difference will be more than noticeable. Just check the appliance’s CPU profiler when running production-level traffic. You’ll also need more cores if you’re running multiple ADC modules, with each having its own policy evaluation and enforcement.
So, now that Intel has begun shipping Xeon 5600 which ADC vendor will be the first-to-market with this latest CPU?