Buying a new networking appliance (be it VPN concentrator, firewall or load balancer … aka Application Delivery Controller) is a royal pain. You never know how much performance you’ll need in two or three years (and your favorite bean counter will not allow you to scrap it in less than 4-5 years). You do know you’ll never get the performance promised in vendor’s data sheets … but you don’t always know which combination of features will kill the box.
Now, imagine someone offers you a performance guarantee – you’ll always get what you paid for. That’s what LineRate Systems, a startup just exiting stealth mode is promising.
Where’s the trick? It’s simple – they don’t sell hardware, their software-only appliance (LineRate Proxy) runs on run-of-the-mill x86 servers. If you don’t get the performance you want (up to the licensed bandwidth), just add more servers.
Additional benefit: you don’t have to buy dedicate hardware – whenever you need more bandwidth, you can take another server from your compute pool and repurpose it as a networking appliance.
Isn’t CPU-based packet processing expensive? Sure is … if you use TCP stacks written for single-core CPUs and NE1000 interface cards in 1990’s. Like 6WIND, LineRate Systems developed their own TCP stack that replaces the one in FreeBSD kernel. They claim their LineRate Operating System (LROS) can reach 20-40 Gbps throughput on dedicated commodity x86 hardware with built-in NICs.
The performance numbers are good, but not exactly mind-blowing. vShield Edge can reach 4 Gbps with a single vCPU (single core) and Juniper’s Virtual Gateway can deliver up to 30 Gbps on a high-end server.
They also claim LROS can handle 100K+ session setups per second, 2M active flows and 4000 tenants (virtual network appliances) on a single server with 24GB of RAM. Although the numbers are not too far away from what’s realistically possible, I’d still do my own tests before deploying such a configuration (and just in case you need a great traffic generator, watch Spirent videos from Networking Tech Field Day).
What about SSL offload? Well, that’s where the going gets tough. You will definitely reach the performance you paid for, but you’ll have to throw a lot of CPU power at the problem compared to dedicate SSL hardware (after all, there’s a good reason we’re doing SSL offload in load balancers instead of running SSL code on web servers). Get a demo, run your own tests, do the math.
How good is the feature set? Honestly, no idea. The list of features supported by LineRate Proxy in currently shipping release is long and includes load balancing (with server health monitoring), content switching and filtering, SSL termination, ACL/IP filters, TCP optimization, and DDoS blocking.
They promised to give me access to documentation; after reading it, I might be able to tell you more (or at least ask Tony Bourke a non-trivial question). However, I do suspect there’s a reason their solution’s “entry cost is 70% lower than competing HW purchase”.
We all love bashing hardware networking companies for their extravagant margins, while they’re actually hiding software development costs by not including them in costs of goods sold.
Multi-Tenant isolation. As I already mentioned, a single LineRate Proxy appliance supports multiple tenants. To do that, it has to provide isolation between tenant networks, at least on the inside interfaces. So far, the only virtual networking technology they support are simple VLANs. No Q-in-Q, no PBB, no MAC-over-IP.
Other goodies? LineRate Systems got two other things right:
- Contrary to some other vendors (large and small) they do acknowledge that IPv6 exists – LineRate Proxy has dual stack (IPv4 and IPv6) from day one, including load balancing between the two.
- Like Juniper, they used the opportunity of a clean-slate approach. They implemented device configuration and provisioning the way it should be done in 2012 – the management interface is REST API (that you can tie directly to your cloud orchestration platform) with CLI and GUI being implemented as API clients.
Use cases. LineRate Proxy is probably best suited to cost-sensitive environments with unpredictable traffic growth (they claim their cost-per-tenant is less than $50/year … Amazon’s Elastic Load Balancing starts @ $18/month) and basic feature requirements. IaaS and SaaS providers immediately come to mind; not surprisingly, photobucket.com is one of their reference customers.
Finally - what is Software-Defined Network Services? Ah, that one? Glad you asked. You see, everything has to be hitched to the SDN train these days or you don’t get VC funding. A creative marketer could call any load balancer with an API SDNS, but between us – just because you have a software-only product that happens to have an API doesn’t mean that you just created a whole new category of solutions.
LineRate Proxy seems to be an interesting product worth testing, primarily due to their no-nonsense licensing (high performance doesn’t hurt either). If you’re building your own cloud infrastructure and are willing to consider startup vendors as part of your infrastructure, give them a try.
I got the information presented in this blog post during a phone call briefing with Steve Georgis, LineRate’s CEO. I was not able to test their product or read the product documentation.