Web Server Load Balancing with NGINX Plus

In this blog we compare the price and performance of NGINX Plus versus Citrix NetScaler [Editor – now called Citrix ADC] application delivery controllers (ADCs). Our testing reveals that you can replace Citrix NetScaler ADCs with NGINX Plus and save up to 87% without any sacrifice in performance or critical features.

Editor – For more information about replacing hardware ADCs with NGINX Plus, see our blog post, Migrating Layer 7 Logic from F5 iRules and Citrix Policies to NGINX and NGINX Plus, and deployment guides:

We’re comparing three simple, unambiguous performance metrics:

  • HTTP requests per second (RPS)
  • SSL/TLS transactions per second (TPS)
  • HTTP throughput

For more details on the metrics, see Performance Metrics.

The metrics for Citrix NetScaler are from a published datasheet and pricing is from two sources: MacMall and this publicly available price list. For NGINX Plus, performance numbers are from the NGINX Plus Sizing Guide and hardware pricing is based on the list prices of Dell PowerEdge servers with the same specs as the Intel hardware that achieved the indicated result in our tests.

Citrix sells three “editions” of NetScaler, charging more for increasingly broad sets of features. The base Standard Edition of NetScaler doesn’t include content caching and compression – mandatory for high‑performance web applications – while NGINX Plus includes caching and compression at no additional cost. For a valid comparison with NGINX Plus, we used the figures from the more expensive Enterprise Edition.

Note: The costs listed in the tables were accurate at the time of publication, but are subject to change over time.

Let’s review the findings.

NGINX Plus vs. Citrix NetScaler MPX‑5550

The table compares the entry‑level Citrix NetScaler MPX‑5550 with NGINX Plus running on a similarly sized bare‑metal server, the Dell PowerEdge R220 with a 4‑core CPU upgrade.

| | Citrix NetScaler MPX‑5550 Enterprise Edition | NGINX Plus (Dell R220) |
| --- | --- | --- |
| Cost | | |
| Hardware | $24,000 | $1,100 |
| 8×5 Support | $3,360 | $2,500 |
| Total Cost (Year 1) | $27,360 | $3,600 (87% savings) |
| Total Cost (Year 3) | $34,080 | $8,600 (75% savings) |
| Total Cost (Year 5) | $40,800 | $13,600 (67% savings) |
| Performance Metrics | | |
| HTTP RPS | 175,000 | 175,000 |
| SSL/TLS TPS | 1,500 | 1,700 |
| Throughput (Gbps) | 0.5 | 20 |

As discussed further in Comparing Throughput, the 0.5 Gbps throughput metric for the NetScaler MPX‑5550 is an artificial cap that Citrix imposes. NGINX Plus does not impose any caps, meaning you get to use the full capacity of the hardware you’ve purchased.

NGINX Plus vs. Citrix NetScaler MPX‑8005

The table compares the mid‑level Citrix NetScaler MPX‑8005 with NGINX Plus running on a similarly sized bare‑metal server, the Dell PowerEdge R430 with an 8‑core CPU upgrade.

| | Citrix NetScaler MPX‑8005 Enterprise Edition | NGINX Plus (Dell R430) |
| --- | --- | --- |
| Cost | | |
| Hardware | $35,000 | $3,400 |
| 24×7 Support | $6,300 | $3,500 |
| Total Cost (Year 1) | $41,300 | $6,900 (83% savings) |
| Total Cost (Year 3) | $53,900 | $13,900 (74% savings) |
| Total Cost (Year 5) | $66,500 | $20,900 (69% savings) |
| Performance Metrics | | |
| HTTP RPS | 375,000 | 650,000 |
| SSL/TLS TPS | 6,500 | 6,500 |
| Throughput (Gbps) | 5 | 35 |

NGINX Plus vs. Citrix NetScaler MPX‑8600

The table compares the higher‑end Citrix NetScaler MPX‑8600 with NGINX Plus running on a similarly sized bare‑metal server, a Dell PowerEdge R730 with dual 18‑core CPU upgrade.

| | Citrix NetScaler MPX‑8600 Enterprise Edition | NGINX Plus (Dell R730) |
| --- | --- | --- |
| Cost | | |
| Hardware | $52,000 | $12,000 |
| 24×7 Support | $9,360 | $3,500 |
| Total Cost (Year 1) | $61,360 | $15,500 (75% savings) |
| Total Cost (Year 3) | $80,080 | $22,500 (72% savings) |
| Total Cost (Year 5) | $98,800 | $29,500 (70% savings) |
| Performance Metrics | | |
| HTTP RPS | 900,000 | 1,200,000 |
| SSL/TLS TPS | 9,000 | 10,000 |
| Throughput (Gbps) | 6 | 35 |

Comparing Throughput

In each of our three comparisons, the Citrix NetScaler and NGINX Plus systems boast roughly equal performance for HTTP requests per second and SSL/TLS transactions per second – though NGINX Plus achieves those numbers at a cost savings of more than 70% at every point.

In terms of throughput, however, the NetScaler systems are not even in the same ballpark as NGINX Plus. Citrix artificially caps throughput on its systems, with steep pricing penalties for exceeding the limits.

To summarize the numbers:

  • Throughput on the Citrix systems is capped at 0.5 Gbps at the low end and 6 Gbps at the high end
  • Throughput on the comparable NGINX Plus systems ranges from 20 Gbps to 35 Gbps

The NGINX Plus systems outperform the Citrix systems on throughput by a factor of 5x to 40x. When you take price into account, NGINX Plus systems give you as much as 150 times better price‑performance for throughput than Citrix systems.

Citrix’s tight throughput caps are even lower than some other hardware ADCs. The caps cause serious technical and business problems for owners of Citrix systems, who frequently cite them as a primary reason for switching – often quite rapidly – to alternatives such as NGINX Plus.

NGINX Plus’ far higher throughput, and even greater price‑performance numbers, give owners of our systems great freedom and flexibility in making purchasing, development, and deployment decisions.

Reporting Results for Modern SSL/TLS Requirements

In accordance with current SSL/TLS best practices, we used the ECDHE‑RSA‑AES256‑GCM‑SHA384 cipher suite when measuring SSL/TLS transactions per second (TPS) for NGINX Plus. The suite uses Ephemeral Elliptic curve Diffie‑Hellman key exchange (ECDHE), AES, and SHA384. We also used an RSA 2048‑bit key for valid comparison with the performance figures on the Citrix NetScaler datasheets.

The ECDHE‑RSA‑AES256‑GCM‑SHA384 cipher suite provides Perfect Forward Secrecy (PFS), which ensures that encrypted traffic that is captured now can’t be decrypted at a later time, even if the private key is compromised. PFS is becoming a ‘must have’ in the current security climate. For example, Apple is mandating that iOS 9 apps communicate using PFS.

The Citrix datasheet does not reveal the cipher used, but it probably didn’t include PFS, which adds a performance penalty. Citrix NetScaler implements the ECDHE cipher in software.

Readers should bear in mind the challenge of comparing SSL/TLS performance when different ciphers offer a tradeoff between security and speed, given that the NGINX Plus systems match or outperform much higher‑priced Citrix systems in SSL/TLS performance.
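
An added example, not part of the original post or of NGINX's test setup: a small audit that reads the ssl_ciphers directive from an nginx configuration and flags suites that lack the forward secrecy discussed above. It assumes OpenSSL suite naming, where the first field of the name is the key exchange; the sample configuration is constructed, and keyword tokens such as !aNULL are reported rather than expanded.

```python
import re

# Constructed nginx snippet for illustration; not the configuration NGINX benchmarked.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:!aNULL;
}
"""

# Key-exchange prefix of an OpenSSL suite name -> verdict.
KX_PREFIX = {
    "ECDHE": "forward-secret", "DHE": "forward-secret", "EDH": "forward-secret",
    "ADH": "anonymous", "AECDH": "anonymous",                  # ephemeral but unauthenticated
    "ECDH": "no-forward-secrecy", "DH": "no-forward-secrecy",  # static (EC)DH
    "PSK": "review", "SRP": "review", "RSA": "review",         # PSK, SRP, RSA-PSK: check by hand
}

def classify(token):
    """Classify one element of an OpenSSL cipher string by its suite name."""
    if token[:1] in "!+-@" or "+" in token or "-" not in token:
        return "keyword-not-expanded"   # HIGH, !aNULL, EECDH+AESGCM: only OpenSSL can expand these
    head = token.split("-", 1)[0]
    # A name with no key-exchange prefix (AES256-GCM-SHA384) means static RSA key transport.
    return KX_PREFIX.get(head, "no-forward-secrecy")

def audit_ssl_ciphers(conf_text):
    """Map every element of each ssl_ciphers directive in conf_text to a verdict."""
    verdicts = {}
    for value in re.findall(r"^\s*ssl_ciphers\s+([^;]+);", conf_text, re.M):
        for token in value.strip().strip("'\"").split(":"):
            if token:
                verdicts[token] = classify(token)
    return verdicts

def rejected_suites(conf_text):
    """Suites to remove: no forward secrecy, or no server authentication."""
    return sorted(s for s, v in audit_ssl_ciphers(conf_text).items()
                  if v in ("no-forward-secrecy", "anonymous"))

if __name__ == "__main__":
    for suite, verdict in audit_ssl_ciphers(SAMPLE_CONF).items():
        print(f"{verdict:22} {suite}")
```
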

Conclusion

Our customers report significant cost savings from switching from hardware appliances to NGINX Plus solutions with equivalent performance. Our own performance measurements and pricing analysis for Citrix NetScaler systems support this – for the simple use cases we examined, we saw between 76% and 89% cost savings in Year 1.

What makes NGINX Plus so different? We don’t bundle hardware with software, and we don’t apply an artificial throughput cap on our software. With NGINX Plus, you are free to select the most cost‑effective hardware for your needs. We don’t force you to accept hardware that doesn’t meet your company’s internal standards, nor are you obliged to overprovision hardware now in anticipation of growth in traffic or application complexity that might arise in 2 to 3 years’ time.

To gauge NGINX Plus performance for yourself, start your free 30-day trial today or contact us to discuss your use cases.


Appendix

Testing Details

The data used to create this cost comparison was gathered from multiple sources:

  • All NGINX Plus testing was done using three servers with a single 36-core CPU in each. The servers were configured in a standard client → proxy → server topology.
  • To get metrics for different numbers of CPU cores, the number of CPU cores in use was varied.
  • Hardware specifications and performance metrics for NetScaler appliances are from the Citrix NetScaler datasheet. We did not test Citrix NetScaler hardware ourselves.

The hardware used to benchmark NGINX Plus was loaned by Intel.

Performance Metrics

The following performance metrics are compared in this report:

  • Requests per second (RPS) – Measures the ability to process HTTP requests. In our tests for NGINX Plus, clients send requests over keepalive connections. NGINX Plus processes each request and forwards it to the web server over another keepalive connection.
  • SSL/TLS transactions per second (TPS) – Measures the ability to process new SSL/TLS connections. In our tests for NGINX Plus, clients send a series of HTTPS requests, each on a new connection. NGINX Plus parses the requests and forwards them to the web server over an established keepalive connection. The web server sends back a 0 byte response for each request.
  • Throughput – Measures the throughput sustained when serving large files over HTTP.

To find out how NGINX Plus performs in your environment, start your free 30-day trial today or contact us to discuss your use cases.

About The Author

Faisal Memon

Software Engineer
