F5 Networks Explained

Company Name:F5 Networks, Inc.
Company Type:Public (NASDAQ)
Market Cap:$1.75 billion USD (2008)
Revenue:$650.2 million USD (2008)
Assets:$939.2 million USD (2008)
Num Employees:1709 (as of 2009-2-20)
Location:Seattle, Washington
Key People:CEO: John McAdam

F5 Networks, Inc. (NASDAQ:FFIV) is a networking appliances company. It is headquartered in Seattle, Washington and has development and marketing offices worldwide. It originally manufactured and sold some of the first load balancing products. There is some debate about whether F5, or competitor Coyote Point Systemsinvented the load balancer in the mid 1990s.

F5 Networks' flagship product, the BIG-IP network appliance, was originally a network load balancer but today also offers other functionality such as access control and application security. Add-on modules to F5's BIG-IP family of products offer email filtering and intelligent compression to allow for lower bandwidth and faster downloads in addition to load balancing and local traffic management capabilities.

F5 also offers other products in various segments of the Application Delivery Controller market. According to Gartner, F5 has a majority of the market share in this industry. According to Gartner, the most significant competitors (in terms of market share) are Cisco Systems and Citrix Systems. Other competitors include Barracuda Networks, Nortel, Foundry Networks, Astrocom, Radware, Coyote Point Systems, Cresendo Systems, A10 Networks, KEMP Technologies, Ipanema technologies,jetNEXUS and Zeus Technology.

Corporate history

F5 Networks, originally named F5 Labs, was founded in 1996. F5's first product was a load balancer called BIG-IP. If a server went down or became overloaded, BIG-IP directed traffic away from that server to other servers that could handle the load. F5's namewas inspired by the film Twister - F5 is the highest category tornado according to the Fujita scale.

In 1999 the company went public and was listed on the NASDAQ stock exchange (NASDAQ: FFIV). Corporate focus is on network intelligence.

F5 experienced a rough period after the collapse of the dot-com bubble but since then has had a strong recovery. In 2004, 80% of the F5 business was with Fortune 500 companies.

Using internal development and acquisitions the company extended its reach beyond load balancing, producing a wide range of products for what is known today as Application Delivery Networking. These products seek to improve the delivery of the applications by attempting to make them run faster and more securely.

F5 Networks has acquired a number of companies during its existence:


F5 Networks sells a variety of products in the Application Delivery Controller space:

There are also several optional modules available for the Local Traffic Manager.


BIG-IP is a network appliance on which most of F5's products are run. The core network functionality is implemented in Traffic Management Operating System (TMOS), which is developed by F5. The appliance also runs a Linux operating system, which is used for management tasks. Most of the product offerings can be run in any combination on the same hardware and same operating system and it is controlled by licensing.

FirePass and WANJet now also run under TMOS as modules. This functionality has been supported since 9.4.x. The FirePass module is currently in beta for select customers of F5 Networks.


On September 7th, 2004 F5 Networks released version 9.0 of the BIG-IP software in addition to a new collection of BIG-IP appliances on which customers could run said software. Version 9.0 was a significant leap forward in technology and is significantly different than the previous versions of BIG-IP. The significant changes include:

The current version, as of January 2009, is 9.4.6.

BIG-IP Hardware

The new line of BIG-IP hardware released in 2004 was a significant step forward from the older, more PC-like hardware. Internally the chassis contains a PC/server-type motherboard connected to a switchplane. All current models have hardware SSL support for handshakes and bulk encryption/decryption as well as a front LCD panel for configuration and monitoring and a separate service processor for out-of-band management. The 6400, 6800, 8400 and 8800 models have a custom ASIC to handle many load balancing tasks. The 6900 has standard redundant power supplies, which is an option for the 1600 and 3600 models. The 8800 comes with hardware compression support standard although that is optional on the 6400 and higher. Viprion is new chassis/module based hardware. It is a chassis which can hold up to 4 blades, each of which are equivalent to an 8800.

The full model line-up is as follows, with approximate best-case throughput indicated:

BIG-IP Software Features

all current models of the BIG-IP appliance have specialized hardware for SSL handshakes as well as bulk encryption/decryption. This hardware can perform SSL encryption/decryption more efficiently than the general-purpose CPUs found on web servers. The BIG-IP 8800 can handle 6 Gbit/s of SSL encryption/decryption (With appropriate licenses).

reduces amount of data to be transferred for HTTP objects by utilizing gzip compression available in all modern web browers (optional hardware compression is available for the BIG-IP 6400 or higher).

allows some applications to receive a greater portion of the bandwidth and/or a higher priority than others.

the BIG-IP can authenticate users against a variety of authentication sources (including Active Directory, LDAP, Radius, etc) before allowing them access to a website.

Caches static HTTP content in RAM to take load off of the web servers.

FirePass SSL VPN

The FirePass is an SSL VPN appliance and comes in a few models:

There are several benefits of the FirePass over the more traditional IPsec solutions, including:


The WANJet provides a point-to-point optimization solution over the WAN. A central location can have a WANJet and then multiple remote locations can also have WANJets which can provide significant performance improvements over the WAN links, especially when doing bulk data transfers (files, database replication, etc) or when high latency is involved (i.e. satellite or international links). It accomplishes this by using TCP optimizations between the devices to minimize the effects of latency, Transmitted Data Reduction Level 1 (TDR1) to selectively compress traffic, and TDR2 to eliminate the transmission of unnecessary data.