Introducing the Application Delivery Top 10

Tahawul Tech

31-01-2025

Lori MacVittie, F5 Distinguished Engineer, discusses the top challenges organisations encounter on their journey to deliver and secure every application and API, anywhere.
There are a lot of 'top 10' lists in the industry. Predictions, mostly, but the ones that stick are the ones that provide insight into the top challenges faced by organisations trying to deliver and secure applications and APIs.
Well, to be fair, most of the best-known top 10 lists are about security.
The Open Worldwide Application Security Project (OWASP) has built and maintained several lists that help organizations every day keep their applications, APIs, and now LLMs, secure from the incredibly robust array of attacks that threaten to disrupt business.
But no one to date has a top 10 list of challenges that threaten the delivery of applications, APIs, and, yes, generative AI.
Until now.
Application delivery may have started with the simple—but powerful—load balancing proxy, but it has evolved along with applications to incorporate a wide array of capabilities designed to ensure availability, enhance performance, and secure the increasingly important digital assets that power today's Internet economy.
F5 has been there through every major application shift since the early days of the Internet. We've seen it all through the eyes of our customers. From that experience we've come to understand the most common challenges organisations face—and how to solve them.
Based on that, we decided it was time to share that knowledge. And, thus, was born the Application Delivery Top 10.
The Application Delivery Top 10 is a list of the top 10 challenges organisations encounter on their journey to deliver and secure every application and API, anywhere.
It is our belief that sharing such a list will enable organisations to address—or even better, avoid struggling with—the challenges of delivering and securing a hybrid, multicloud application and API portfolio.
Like the OWASP Top 10, this list is not designed to be a 'one and done' effort or encompass every delivery challenge organisations will face.
That's why we plan to reexamine the list and, if necessary, update it on an annual basis.
Weak DNS Practices
The Domain Name System (DNS) is a critical component of the internet's infrastructure, translating domain names into IP addresses to route user requests to the appropriate servers. However, weak DNS practices can compromise application performance, availability, and scalability.
It can also significantly degrade application performance by increasing query response times and causing delays in resolving domain names. When Time-to-Live (TTL) settings – numerical values that indicate how long a data packet or record should exist on a network before it is discarded – are too low, DNS queries must be resolved more frequently. This increases the load on DNS servers and slows down application response time.
Additionally, improperly configured DNS servers or the lack of DNS security features like DNS Security Extensions (DNSSEC) can introduce delays by allowing unauthorized users to hijack or redirect traffic to slower or malicious servers.
Weak DNS practices can severely impact the performance, availability, scalability, and operational efficiency of applications. However, by implementing DNSSEC, optimising TTL settings, and securing dynamic DNS updates, organisations can mitigate these risks and create a more reliable DNS infrastructure.
Lack of Fault Tolerance and Resilience
The lack of fault tolerance and resilience in application delivery strategies can lead to significant performance issues, reduced availability, and scalability limitations. By implementing load balancing, failover mechanisms, and programmable infrastructure, organisations can create a more resilient system that supports continuous availability and optimal performance, even under challenging conditions. Emphasizing fault tolerance enhances user experience, reduces operational overhead and supports efficient scalability, ensuring that applications can meet the demands of today's fast-paced digital environment.
Incomplete Observability
Observability is a critical aspect of modern application delivery, providing visibility into the health, performance, and usage of applications and infrastructure.
Poor visibility becomes particularly problematic in complex environments, such as AI-driven applications, where real-time insights are essential.
Ultimately, incomplete observability in application delivery can lead to performance degradation, reduced availability, limited scalability, and operational inefficiencies. By implementing comprehensive monitoring and logging, adopting standardised observability with OpenTelemetry, and utilizing dynamic alerting with automated responses, organisations can overcome these challenges.
Insufficient Traffic Controls
Effective traffic management is essential for delivering a seamless user experience, particularly as applications scale to support larger audiences and more dynamic workloads. However, insufficient traffic controls can lead to issues like overloading backend services, susceptibility to Distributed Denial of Service (DDoS) attacks, and inefficient resource usage.
By implementing rate limiting, throttling, and caching mechanisms, organisations can manage traffic more effectively, prevent service disruptions, and support scalable growth.
Emphasising robust traffic management practices is essential for delivering high-performance, resilient applications that can adapt to changing user demands and provide a consistent experience across diverse environments.
Unoptimised Traffic Steering
Unoptimised traffic steering—caused by static routing policies, lack of dynamic decision-making, or insufficient load-balancing algorithms—can lead to performance bottlenecks, inconsistent availability, and limited scalability.
In AI-driven applications, where processing needs can vary based on data types and user demand, efficient traffic steering is essential for maintaining responsiveness.
By adopting best practices such as dynamic routing, intelligent load balancing, and programmable ADCs, organisations can optimize traffic flows, improve resource utilisation, and ensure that applications meet variable demand.
Inability to Handle Latency
Latency is a key factor affecting application delivery, particularly in data-intensive environments like AI applications. The inability to handle latency effectively can lead to performance issues, reduced availability, and limited scalability, especially as applications grow and user demands fluctuate. Latency bottlenecks result from various issues, such as suboptimal data routing, inefficient processing, and inadequate resource allocation.
By implementing optimized data routing, edge computing, and adaptive resource allocation, organisations can mitigate latency challenges and support a high-performance, resilient infrastructure.
Incompatible Delivery Policies
In hybrid multicloud environments, incompatible delivery policies can pose significant challenges to application performance, availability, scalability. It can also lead to soaring operational overheads. Incompatibilities of this nature often arise when organisations use multiple cloud providers, each with unique traffic routing, security, and data handling protocols.
According to LoadView, a leading cloud-based load testing platform, applications with inconsistent delivery policies across multiple regions experience 50% more latency in cross-border data transfers than those with region-specific optimisations.
By standardising metrics, aligning service capabilities, and leveraging programmable infrastructure, organisations can overcome these challenges.
Emphasising consistency and flexibility in delivery policies ensures that applications can maintain high performance, availability, and scalability across a hybrid multicloud infrastructure.
Lack of Security and Regulatory Compliance
As governments worldwide enforce stricter laws on data sovereignty, security, and privacy, regulatory compliance has become essential. Organisations failing to meet these regulations exposes applications to security vulnerabilities and introduces performance bottlenecks and scalability constraints. These challenges are particularly prevalent in AI-driven applications.
By implementing strong encryption, utilizing Federal Information Processing Standards (FIPS)-compliant devices, and adopting automated compliance tools, organisations can address these risks and support secure, scalable, resilient and compliant application delivery.
Bespoke Application Requirements
As digital applications become increasingly specialised, organisations are often faced with unique requirements that standard infrastructure cannot support.
Programmability within the application delivery infrastructure offers a powerful solution to such challenges, enabling organisations to tailor their infrastructure to support complex, customised requirements.
Bespoke application requirements often challenge traditional application delivery solutions, as they require customisation that standard infrastructure cannot provide. By leveraging programmability within the application delivery infrastructure, organisations can adapt to these unique demands, ensuring high performance, availability, and scalability.
Furthermore, programmable infrastructure enables seamless transitions, integrates new services efficiently, and supports custom load balancing, allowing organisations to deliver reliable and responsive services that meet the specific needs of their users.
Poor Resource Utilisation
Many organisations struggle with resource inefficiencies due to mismatched distribution algorithms or inadequate health check mechanisms.
These inefficiencies can lead to wasted compute power, increased operational overhead, and strained infrastructure, ultimately impacting performance, availability, and scalability.
By leveraging programmability, intelligent health checks, and dynamic traffic steering, organisations can optimise resource usage, improve application performance, and enhance scalability.
Full details of the Application Delivery Top 10, including mitigation best practices, can be found here: https://www.f5.com/resources/articles/the-application-delivery-top-10
Image Credit: F5