Understandably, we get quite a few requests for a product roadmap containing release notes and feature updates. We've had a chat about this internally and thought that it would be nice to have a permanent post on the blog that we change on the fly as and when customer requirements change. Putting this on the blog enables our customers to express their arguments for and against new features etc. This entry should also give you a better idea of our priorities and how we develop the product.
Let's start with our priority list, this is an overview of the things we feel are most important in a load balancer appliance in order of priority:
- Constant improvements to underlying systems
- Future enhancements to intelligence, logging and alerting.
- Constant focus on close to zero downtime for maintenance and security updates
- Helping the customer carry out software updates on servers in the cluster.
- Constant re-assessment of the best default configurations for performance
- Renewed focus on special application performance requirements (i.e. lots of small packets or lots of large ones).
- How can we make the product easier to support and how can we improve our support service?
- Improvements to look and feel + intelligence and ease of use
- New platforms
- Integrate new platforms as and when they become customer priorities i.e. azure
- New features
- Assess against our priorities and implement if, and only if they match our stated priorities.
- New products
- Constantly looking for new applications to help customers with their infrastructure requirements.
So what features are we currently working on? (i.e. next couple of weeks)
We're currently working on v8.3.2 - we'll update you on this shortly, so watch this space!
v8.3.1 was released recently - it was delayed slightly when the Spectre & Meltdown Intel bugs were announced (sigh). Even though they are NOT a major problem for our product we thought we'd better test and release a fully patched Kernel (just in case).
Check out the new features and updates for v8.3.1 below.
In addition to working on v8.3.2, we've also been working on a big piece of development (i.e. next 6 months) - v9
Actually we're already 12 months late but we are a very patient bunch of people...
So, what are we doing for v9?
- Completely re-writing the backend so that everything is processed from a single API.
- We are building on our previous work in v7.6.3 for complex Layer 7 manual configuration support in the system overview.
- We will enhance the web interface with full support for front end / backend configurations to work seamlessly with the entire web interface.
- This will allow the vast majority of F5 migrations to be completed without the requirement of manual configurations.
- It will also make it easier for different backend groups to have different health checks.
- All functions will have automatic testing and documentation.
- Performance of everything will be much faster.
- Web user interface support for multiple backend clusters attached to front ends with rules i.e. server pools
- Multiple pools for health checks as above
What features were recently completed?
NB. As of 01 February 2018, the current version is v8.3.1
Azure: Added multiple interfaces to Azure.
WAF: The system can now direct WAF logs to syslog and therefore a remote syslog server.
PBR: You can now start/stop a single set of rules without having to re-write/affect all PBR services.
GSLB: GSLB is now available and configurable from the interface. Yup! I didn't believe it either. We have finally caved to your constant demands for GSLB! Actually Aaron finally found some really powerful uses for it on customer sites as explained in his blog about full GSLB support in v8.3.1.
Kernel: Kernel is updated to 4.4.110 to mitigate the meltdown attack. (Warning: requires reboot)
HAProxy: Haproxy updated to 1.7.10 and re-encrypt to backend is now available in TCP mode.
Layer 4: LVS SNAT mode has been added giving you the performance of layer 4 load balancing for TCP and UDP without the requirement of making server or infrastructure changes. Why we didnt do this earlier - I don't know, because its great!
- The only change between v8.2.5 and v8.3 was a BIG update of the Linux Kernel from our existing 2.6.35 all the way to 4.4.49.
- We have done a lot of testing with the new Kernel and we are very happy with the performance improvements.
- Enhanced performance and new double login feature for our WAF
- Improved SSL hot reload to guarantee zero downtime
- PROXY protocol no longer requires a separate VIP on port 81
- API fully updated with 98% of functions available
- Big performance updates for the WAF went into v8.2.5, we also added the new double login and Google Authentication features.
In the process of designing our WAF implementation we've been having a lot of conversations with Sucuri, these guys are awesome and know everything about web application firewalls and denial of service protection. Sucuri are also way more friendly than Incapsula (who were impossible to get any straight answers from).
- More wizards for setting up specific applications
- Dynamic graphing and dynamic numerical stats
- Re-write and enhancement of the initial configuration wizard(s)
- Layer 7 email alerts - as usual we've released it open source before actually putting it in our product (how do we make any money anyway?)
- Re-write of the security model for pairing master and slave units - for full security compatibility with cloud platforms AWS and Azure.
- Overhaul of system overview
- Loads of improvements to the web interface in general, making it easy to use as well as nice to look at
- Layer 7 external health checks i.e. NTLM proxy health checks
- Enhancements to layer 4 maintainability and matching behaviour to be similar to layer 7 (especially the fallback server)
- Hardware compatibility/performance updates for new hardware models i.e. Dell R220
- Moving the full v7.x application to the Amazon EC2 cloud platform.
- Kernel improvements for multiple hyper-visor platforms VMWare, XEN, Hyper-V, KVM & EC2
- Improvements to the layer 7 HAproxy stateful restart and replication model
- Automated contrack tuning and irq balance performance updates
- Re-write of the user security model in the web interface
- Performance and functionality improvements to the windows feedback agent
- Port of the full product to Microsoft Azure cloud platform - in progress but trying to make the Kernel secure without access to the Microsoft source code is fun!
Other previous updates....
- SNI support in the web interface
- WAF / Mod_Security: We've ensured that our Layer 7 rate limiting enables seamless protection for each WAF instance by default, because the last thing we want is the WAF itself being an easy way to DOS our load balancer!
- Simple ACL redirects and rules with support for manual backend configurations
API & LBCLI improvements
- AWS - automatic one click integration with auto scaling groups
- Complete re-write of the disaster recovery functionality - NO DOWNTIME!
- Several performance enhancements for specific types of traffic.
And then we have some features on the soon to be scheduled / wish list:
- Full re-write of the high-availability subsystem (heartbeat) focusing on stability and scalability and intelligence for multiple nodes.
- Plug-in architecture and wizard for controlling the auto-scaling of backend servers in clusters - that would be fun/interesting.
- Enhancements and intelligence into real server health monitoring
- Easy to use Denial of Service rules- manual config.
- Simple rules to direct users to different clusters when the primary one is busy i.e. busy e-commerce site flood control - manual config.
- Easy and secure remote access to customer load balancers from Loadbalancer.org support staff
- Easier integration of existing authentication methods i.e. RADIUS/LDAP/Active Directory
Things we are not doing:
- SNORT - Why? But we might make DDOS protection more automated..
- iPhone/iPad/Android apps
- Graphical firewall
- Firewall load balancing - we could ask Horms very nicely to modify the Linux Kernel for this...maybe...
- Bridge based load balancing - yuck...But a LOT of people use web filters and WAFs in bridge mode so something like the Net Optics xbalancer solution makes sense.
- Link balancing - really? I don't think so. And here's why...
- TMG SSO replacements - Yuk. Although, Andrew might look into doing this during his downtime (our developers get 14 hours a week free/fun/downtime).
- Making anything more complicated, or harder to use....
Obviously this blog post needs a lot of work...and will change rapidly...please comment below, thanks.