A few months ago we published a blog comparing the price and performance of NGINX Plus vs. F5 BIG‑IP hardware application delivery controllers (ADCs). In researching and publishing that blog, we learned that by moving from F5 BIG‑IP to NGINX Plus you can drastically reduce costs while maintaining the same feature set and level of performance.
In this blog we’re again comparing NGINX Plus price and performance, this time with Citrix NetScaler ADCs, and the results are just as strong as with F5 BIG‑IP ADCs. You can replace Citrix NetScaler ADCs with NGINX Plus and save up to 87% without any sacrifice in performance or critical features.
Editor – For more information about replacing hardware ADCs with NGINX Plus, see these resources.
- Migrating Layer 7 Logic from F5 iRules and Citrix Policies to NGINX and NGINX Plus
- NGINX Plus vs. F5 BIG‑IP: A Price‑Performance Comparison
- 5 Reasons to Switch from F5 BIG‑IP to NGINX Plus
- Migrating Load Balancer Configuration from Citrix NetScaler to NGINX Plus
- Migrating Load Balancer Configuration from F5 BIG‑IP LTM to NGINX Plus
As for F5, we’re comparing three simple, unambiguous performance metrics:
- HTTP requests per second (RPS)
- SSL/TLS transactions per second (TPS)
- HTTP throughput
For more details on the metrics, see Performance Metrics.
The metrics for Citrix NetScaler are from a published datasheet and pricing is from two sources: MacMall and this publicly available price list. For NGINX Plus, performance numbers are from the NGINX Plus Sizing Guide and hardware pricing is based on the list prices of Dell PowerEdge servers with the same specs as the Intel hardware that achieved the indicated result in our tests.
Citrix sells three “editions” of NetScaler, charging more for increasingly broad sets of features. The base Standard Edition of NetScaler doesn’t include content caching and compression – mandatory for high‑performance web applications – while NGINX Plus includes caching and compression at no additional cost. For a valid comparison with NGINX Plus, we used the figures from the more expensive Enterprise Edition.
Note: The costs listed in the tables were accurate at the time of publication, but are subject to change over time.
Let’s review the findings.
NGINX Plus vs. Citrix NetScaler MPX‑5550
The table compares the entry‑level Citrix NetScaler MPX‑5550 with NGINX Plus running on a similarly sized bare‑metal server, the Dell PowerEdge R220 with a 4‑core CPU upgrade.
|Citrix NetScaler MPX‑5550 Enterprise Edition||NGINX Plus (Dell R220)|
|Total Cost (Year 1)||$27,360||$3,600
|Total Cost (Year 3)||$34,080||$8,600
|Total Cost (Year 5)||$40,800||$13,600
As discussed further in Comparing Throughput, the 0.5 Gbps throughput metric for the NetScaler MPX‑5550 is an artificial cap that Citrix imposes. NGINX Plus does not impose any caps, meaning you get to use the full capacity of the hardware you’ve purchased.
NGINX Plus vs. Citrix NetScaler MPX‑8005
The table compares the mid‑level Citrix NetScaler MPX‑8005 with NGINX Plus running on a similarly sized bare‑metal server, the Dell PowerEdge R430 with an 8‑core CPU upgrade.
|Citrix NetScaler MPX‑8005 Enterprise Edition||NGINX Plus (Dell R430)|
|Total Cost (Year 1)||$41,300||$6,900
|Total Cost (Year 3)||$53,900||$13,900
|Total Cost (Year 5)||$66,500||$20,900
NGINX Plus vs. Citrix NetScaler MPX‑8600
The table compares the higher‑end Citrix NetScaler MPX‑8600 with NGINX Plus running on a similarly sized bare‑metal server, a Dell PowerEdge R730 with dual 18‑core CPU upgrade.
|Citrix NetScaler MPX‑8600 Enterprise Edition||NGINX Plus (Dell R730)|
|Total Cost (Year 1)||$61,360||$15,500
|Total Cost (Year 3)||$80,080||$22,500
|Total Cost (Year 5)||$98,800||$29,500
In each of our three comparisons, the Citrix NetScaler and NGINX Plus systems boast roughly equal performance for HTTP requests per second and SSL/TLS transactions per second – though NGINX Plus achieves those numbers at a cost savings of more than 70% at every point.
In terms of throughput, however, the NetScaler systems are not even in the same ballpark as NGINX Plus. Citrix artificially caps throughput on its systems, with steep pricing penalties for exceeding the limits.
To summarize the numbers:
- Throughput on the Citrix systems is capped at 0.5 Gbps at the low end and 6 Gbps at the high end
- Throughput on the comparable NGINX Plus systems ranges from 20 Gbps to 35 Gbps
The NGINX Plus systems outperform the Citrix systems on throughput by a factor of 5x to 40x. When you take price into account, NGINX Plus systems give you as much as 150 times better price‑performance for throughput than Citrix systems.
Citrix’s tight throughput caps are even lower than the caps F5 imposes on its ADCs. The caps cause serious technical and business problems for owners of Citrix systems, who frequently cite them as a primary reason for switching – often quite rapidly – to alternatives such as NGINX Plus.
NGINX Plus’ far higher throughput, and even greater price‑performance numbers, give owners of our systems great freedom and flexibility in making purchasing, development, and deployment decisions.
Reporting Results for Modern SSL/TLS Requirements
In accordance with current SSL/TLS best practices, we used the ECDHE‑RSA‑AES256‑GCM‑SHA384 cipher suite when measuring SSL/TLS transactions per second (TPS) for NGINX Plus. The suite uses Ephemeral Elliptic curve Diffie‑Hellman key exchange (ECDHE), AES, and SHA384. We also used an RSA 2048‑bit key for valid comparison with the performance figures on the Citrix NetScaler datasheets.
The ECDHE‑RSA‑AES256‑GCM‑SHA384 cipher suite provides Perfect Forward Secrecy (PFS), which ensures that encrypted traffic this is captured now can’t be decrypted at a later time, even if the private key is compromised. PFS is becoming a ‘must have’ in the current security climate. For example, Apple is mandating that iOS9 apps communicate using PFS.
The Citrix datasheet does not reveal the cipher used, but it probably didn’t include PFS, which adds a performance penalty. Citrix NetScaler implements the ECDHE cipher in software.
Readers should bear in mind the challenge of comparing SSL/TLS performance when different ciphers offer a tradeoff between security and speed, given that the NGINX Plus systems match or outperform much higher‑priced Citrix systems in SSL/TLS performance.
Our customers report significant cost savings from switching from hardware appliances to NGINX Plus solutions with equivalent performance. Our own performance measurements and pricing analysis for Citrix NetScaler systems support this – for the simple use cases we examined, we saw between 76% and 89% cost savings in Year 1.
What makes NGINX Plus so different? We don’t bundle hardware with software, and we don’t apply an artificial throughput cap on our software. With NGINX Plus, you are free to select the most cost‑effective hardware for your needs. We don’t force you to accept hardware that doesn’t meet your company’s internal standards, nor are you obliged to overprovision hardware now in anticipation of growth in traffic or application complexity that might arise in 2 to 3 years’ time.
The data used to create this cost comparison was gathered from multiple sources:
- All NGINX Plus testing was done using three servers with a single 36-core CPU in each. The servers were configured in a standard client → proxy → server topology.
- To get metrics for different numbers of CPU cores, the number of CPU cores in use was varied.
- Hardware specifications and performance metrics for NetScaler appliances are from the Citrix NetScaler datasheet. We did not test Citrix NetScaler hardware ourselves.
The hardware used to benchmark NGINX Plus was loaned by Intel.
The following performance metrics are compared in this report:
- Requests per second (RPS) – Measures the ability to process HTTP requests. In our tests for NGINX Plus, clients send requests over keepalive connections. NGINX Plus processes each request and forwards it to the web server over another keepalive connection.
- SSL/TLS transactions per second (TPS) – Measures the ability to process new SSL/TLS connections. In our tests for NGINX Plus, clients send a series of HTTPS requests, each on a new connection. NGINX Plus parses the requests and forwards them to the web server over an established keepalive connection. The web server sends back a 0 byte response for each request.
- Throughput – Measures the throughput sustained when serving large files over HTTP.