Understandably, we get quite a few requests for a product road map. We've had a chat about this internally and thought that it would be nice to have a permanent post on the blog that we change on the fly as and when customer requirements change. Putting this on the blog enables our customers to express their arguments for and against new features etc. This entry should also give you a better idea of our priorities and how we develop the product.

Let's start with our current priority list, this is an overview of the things we feel are most important in a load balancer appliance in order of priority:

  • Security
    • Fast, rapid and proactive improvements i.e. Heartbleed/Shell Shock and others
    • Our new focus is on WAF/DOS/DDOS as well as just simply a secure appliance.
  • High-Availability
    • Constant improvements to underlying systems
    • Future enhancements to intelligence, logging and alerting.
  • Maintenance
    • Constant focus on close to zero downtime for maintenance and security updates
    • Helping the customer carry out software updates on servers in the cluster.
  • Performance
  • Support
  • Usability
    • Improvements to look and feel + intelligence and ease of use
  • New platforms
    • Integrate new platforms as and when they become customer priorities i.e. azure
  • New features
    • Assess against our priorities and implement if, and only if they match our stated priorities.
  • New products
    • Constantly looking for new applications to help customers with their infrastructure requirements.

So what features are we currently working on? (i.e. next couple of weeks)

UPDATE: Today (25 September 2017), we released v8.2.5. New features and updates include:

  • Enhanced performance and new double login feature for our WAF
  • Improved SSL hot reload to guarantee zero downtime
  • PROXY protocol no longer requires a separate VIP on port 81
  • API fully updated with 98% of functions available

Simultaneously we released v8.3.

The only change being a BIG update of the Linux Kernel from our existing 2.6.35 all the way to to 4.4.49...
We have done a lot of testing with the new Kernel and we are very happy with the performance improvements.

In addition to the above, we're working on a big piece of development (i.e. next 6 months) v9

Actually we're already 12 months late, but we are a very patient bunch of people...

So, what are we doing for v9?

  • Completely re-writing the backend so that everything is processed from a single API.
  • We are building on our previous work in v7.6.3 for complex Layer 7 manual configuration support in the system overview.
  • We will enhance the web interface with full support for front end / backend configurations to work seamlessly with the entire web interface.
  • This will allow the vast majority of F5 migrations to be completed without the requirement of manual configurations.
  • It will also make it easier for different backend groups to have different health checks.
  • All functions will have automatic testing and documentation.
  • Performance of everything will be much faster.

What features were recently completed?

NB. As of 25 September 2017, the current version is v8.3

  • SNI support in the web interface

  • Simple ACL redirects and rules with support for manual backend configurations

  • API & LBCLI improvements

  • AWS - Automatic one click integration with auto scaling groups

  • Complete re-write of the disaster recovery functionality NO DOWNTIME!

  • Several performance enhancements for specific types of traffic.

  • Overhaul of system overview (v7.6.4), dynamic graphing (v7.6.6) and dynamic numerical stats (slightly later) - OK, I promise this will be in v7.6.4! - now done.

  • Loads of improvements to the web interface in general, making it easy to use as well as nice to look at - 7.6.4

  • Re-write and enhancement of the initial configuration wizard(s) v7.6.6

  • Layer 7 external health checks i.e. NTLM proxy health checks v7.6.3

  • Layer 7 email alerts v7.6.6 - as usual we've released it open source before actually putting it in our product (how do we make any money anyway?)

  • Enhancements to layer 4 maintainability and matching behaviour to be similar to layer 7 (especially the fallback server) - v7.6.3

  • Hardware compatibility/performance updates for new hardware models i.e. Dell R220 -  v7.6.3

  • Moving the full v7.x application to the Amazon EC2 cloud platform.  - Long overdue.... December 1st? - v7.6.3 now done!

  • Kernel improvements for multiple hyper-visor platforms VMWare, XEN, Hyper-V, KVM & EC2 - v7.6.3

  • Improvements to the layer 7 HAproxy stateful restart and replication model - v7.6.3

  • Automated contrack tuning and irq balance performance updates - v7.6.3

  • Re-write of the security model for pairing master and slave units - v7.6.5 - for full security compatibility with cloud platforms AWS and Azure.

  • Re-write of the user security model in the web interface

  • Performance and functionality improvements to the windows feedback agent v7.6.3 & 7.6.4

And then we have some features on the soon to be scheduled / wish list:

  • Full re-write of the High-Availability subsystem (heartbeat) focusing on stability and scalability and intelligence for multiple nodes.
  • Plug-in architecture and wizard for controlling the auto-scaling of backend servers in clusters - that would be fun/interesting.
  • Enhancements and intelligence into real server health monitoring
  • Port of the full product to Microsoft Azure cloud platform - in progress but trying to make the Kernel secure without access to the Microsoft source code is fun! - v7.6.3 done!
  • More wizards for setting up specific applications v7.6.6
  • Easy to use Denial of Service rules- manual config.
  • Simple rules to direct users to different clusters when the primary one is busy i.e. busy e-commerce site flood control - manual config.
  • Web user interface support for multiple backend clusters attached to front ends with rules i.e. server pools - v9
  • Multiple pools for health checks as above - v9
  • Easy and secure remote access to customer load balancers from Loadbalancer.org support staff
  • Easier integration of existing authentication methods i.e. RADIUS/LDAP/Active Directory

The following features are something that we're interested in doing but only if done really well:

  • WAF / Mod_Security:   Actually, we have been doing quite a lot of work on this already. However as it is such an enormous resource hog (especially memory) we are working to ensure that our Layer 7 rate limiting enables seamless protection for each WAF instance by default , because the last thing we want is the WAF itself being an easy way to DOS our load balancer!
    • UPDATE: the WAF will be in 7.6.5 - (which marketing have forced us to call v8).
    • BTW: In the process of designing our WAF implementation we've been having a lot of conversations with Sucuri, these guys are awesome and know everything about web application firewalls and denial of service protection. Sucuri are also way more friendly than [Incapsula] (https://www.incapsula.com/)(who were impossible to get any straight answers from).
    • UPDATE: Big performance updates for the WAF went into v8.2.5, we also added the new double login and Google Authentication features.

Things we are not doing:

  • SNORT - Why?
  • Iphone/Ipad/Android apps
  • GSLB (But ironically we are doing a managed cloud service for GSLB)
  • Graphical firewall
  • Firewall load balancing - We could ask Horms very nicely to modify the Linux Kernel for this...maybe...
  • Bridge based load balancing - Yuck...But a LOT of people use Web Filters and WAFs in bridge mode so something like the Net Optics xbalancer solution makes sense.
  • Link balancing - Really? , I don't think so.
  • TMG SSO replacements - Yuk. Although, Andrew might look into doing this during his downtime (our developers get 14 hours a week free/fun/downtime).
  • Making anything more complicated, or harder to use....

Obviously this blog post needs a lot of work...and will change rapidly...please comment below, thanks.