Honing your Application Delivery Platform: Buying the right ADC
May 3, 2017
Categories: News. Tags: adc, network security, and security adc.
Buying the right ADC
Have you decided it’s time to consider a load balancer or Application Delivery Controller? With prices that range from $2,000 to $150,000, performance claims eclipsing 2.6 million requests per second and diverse feature sets, you’ve got your work cut out for you in determining which approach, a Layer 4 switch or a full-blown Application Delivery Controller (ADC), can best deliver what you need at the best price.
FROM LAYER 4 SWITCHES TO ADCS: HOW WE GOT HERE
When the first corporate LANs appeared, networks had only switches and routers. Actually, there were bridges before switches, but they performed the same task. These devices were invisible to most users and moved data between you and the servers you accessed — on the same LAN or across the Internet.
The switches were smart, but not too smart. In much the same way the postal service handles mail, switches and routers operating at Layer 2 (the data-link layer) and Layer 3 (the network layer) read the addressing information and delivered your data to the “addressee” machine. And just as the postal service delivers your mail unopened, switches and routers effectively do the same. They look at the address information, not the content of your data.
With the Internet came the great flood of data going to a single server. Consider Amazon. When Amazon first started growing, every user accessed a single server that was “Amazon.com.” It was obvious very early on that there would be a need for something more in the routers that sat in front of that beleaguered server. And that something would be transport-layer (Layer 4) switches.
At that point, these devices were generally referred to as load balancers because their initial task was to serve as a traffic cop. In our example, these load balancer switches sat in front of a farm of back-end Web servers and distributed the user load across them. It was a simple task for the Layer 4 switch to determine if one of the servers in a load-balanced group was unresponsive. It could then just bypass that server and use the remaining, functioning servers. Yet providing this function, among others that included sending Secure Sockets Layer (SSL)-based shopping traffic to more powerful servers for processing, immediately triggered demands for more functionality and more intelligence.
Thus, the ongoing march from Layer 4 functionality to ADCs. Think of an ADC as a Layer 4 switch with additional functionality. But at its core, an ADC is still a Layer 4 switch.
DIFFERENT TYPES OF ADCS; SHARED RESPONSIBILITIES
Whether driven by hardware or software, different types of application delivery platforms have the same jobs to do. Let’s look at three common functions to help you decide what problems you’re trying to solve with an ADC.
- Simple load balancing: While the concept of Layer 4 switch load balancing may be almost two decades old, the function is still useful. Many enterprises may need nothing more than this basic functionality for their networks, or they may have older applications or server farms that simply need to be maintained in their current mode of operation.
The primary service provided by load balancers running this scenario is cookie persistence, an essential function that allows a load balancer to keep a given user session communicating with the same server. This is what keeps a shopping cart intact, for example.
Source IP preservation is another common load balancer feature that maintains the original client-source address when passing the data on to the target server. Having this information allows the server to make processing decisions based on the general geographic region of the customer. Perhaps more important, it allows the server to send the response directly to the client system without having to traverse the load balancer on the outbound path. This speeds up processing by offloading that unnecessary hop from the load balancer, and eliminating whatever latency might be added on an outbound trip through the load balancer.
It’s important to note that all of the services provided by ADC/Layer 4 switch devices are proprietary in nature. While they deal with standard protocols and applications like TCP/IP and HTTP, they do so in non-standard, proprietary ways. So keep in mind that these guidelines are general and that a particular load balancer/ADC that you are considering might behave somewhat differently.
- Typical Web application delivery: At the next level, we progress from the traditional load balancer to the sophisticated ADC. Mainly, this involves options to insert and/or rewrite cookies and headers. This encapsulates the power of ADCs because by inserting and rewriting application headers, the ADC inserts itself into the application and can even modify application behavior.
For example, rewriting the URL on an outbound response allows the ADC to replace a “404 Page Not Found” error with something more useful, like a site map. This provides a tremendous amount of flexibility for server handling. In essence, the ADC allows you to add another layer to your application as it allows any and all data to be examined and modified before being passed on to the target server.
- Secure Web application delivery: Here, we simply take the powerful features outlined in the prior scenario and wrap them in an encrypted SSL session. The communication in the data center between the ADC and the servers takes place without encryption, and all external communication between client and ADC is encrypted.
Having the ADC handle the encryption process also offloads the compute-intensive function from application servers, allowing them to use their CPU resources to deliver applications.
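The cookie persistence and unresponsive-server bypass described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product. The cookie name, the backend names, the demo key and the HMAC signature (which goes beyond the article, so that a client cannot choose its own backend by editing the cookie) are all assumptions.

```python
import hashlib
import hmac
import itertools

SECRET = b"constructed-demo-key"   # assumption: key known only to the balancer
COOKIE = "LBSESSION"               # hypothetical persistence cookie name

class Balancer:
    def __init__(self, backends):
        self.backends = list(backends)
        self.healthy = set(backends)          # maintained by health checks
        self._rr = itertools.cycle(self.backends)

    def _sign(self, backend):
        # Cookie value is "<backend>.<truncated HMAC-SHA256 of backend>".
        mac = hmac.new(SECRET, backend.encode(), hashlib.sha256).hexdigest()[:32]
        return f"{backend}.{mac}"

    def _verify(self, value):
        # The cookie is client-controlled input: accept it only if the MAC matches.
        backend, _, _ = value.rpartition(".")
        if backend and hmac.compare_digest(self._sign(backend).encode(), value.encode()):
            return backend
        return None

    def _next_healthy(self):
        # Round-robin that bypasses servers marked unresponsive.
        for _ in self.backends:
            candidate = next(self._rr)
            if candidate in self.healthy:
                return candidate
        raise RuntimeError("no healthy backend")

    def route(self, cookie_header=""):
        """Return (backend, set_cookie_or_None) for one request."""
        cookies = dict(p.strip().split("=", 1)
                       for p in cookie_header.split(";") if "=" in p)
        pinned = self._verify(cookies.get(COOKIE, ""))
        if pinned in self.healthy:
            return pinned, None               # session stays on its server
        backend = self._next_healthy()        # new, forged or failed-over session
        return backend, f"{COOKIE}={self._sign(backend)}; Path=/; HttpOnly; Secure"
```

A session whose pinned server goes unhealthy is moved to another server and given a fresh cookie, so any cart state held only on the failed server is lost unless the application shares it.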