IT Leadership

EXPERT ADVICE

Wrangling and Roping Network Traffic With App Delivery Controllers

Information technology plays a vital role in today’s business environment. Well-designed and developed applications are a key element for success — particularly for organizations that rely on the Web and intranet for conducting business with customers and communicating with partners and employees. The process for launching new applications begins with software developers’ handing off their applications to network professionals for deployment over IP (Internet protocol) networks.

However, in most cases the applications have not been optimized to run on a network, but rather they are based on the work requirements of a particular department or business-line function. Consequently, network managers are being challenged to enable these applications in such a way as to continue to meet network performance expectations when competing with a variety of other critical applications and other network-specific factors. From a network security standpoint, one of this year’s hot Web threats has to do with exploiting vulnerabilities caused by poor Web application programming practice, notably cross-site scripting and data harvesting by SQL injection.

Traffic Cop

To optimize applications that were not optimally developed to run over IP networks, application delivery controllers (ADCs) have evolved to ensure that applications are delivered reliably and quickly. In the most general sense, a completely transparent ADC is one that can be added to an existing network without requiring reconfiguration of any existing network elements or end systems, and without disrupting any services that are provided within the network. ADCs are in a unique position for managing applications and user traffic to those applications. ADCs can provide load balancing, content switching, SSL (secure sockets layer) offload/acceleration and content caching and compression. ADCs are able to intelligently and efficiently distribute Web and intranet traffic across two or more application servers based on a series of traffic rules, and offload servers by caching and compressing content, and setting up and tearing down SSL communications from application servers. ADCs optimize application server resources and place traffic on the best-performing servers to ensure users get to the applications quickly, and secure transactions can be completed without interruption. This article will explain how an ADC can help IT personnel more easily and flexibly overcome high application demands and network capacity issues.

There are many examples of needing the right tool for the right job, and the mismatch between application and infrastructure. Have you ever seen too many cars try to jam through a lane merger to exit a parking lot, perhaps after a concert or sporting event? Recently, Apple launched its iPhone 3G. Millions of consumers camped out at their local Apple stores to purchase and activate the new device. Apple’s servers quickly became overloaded and unable to accommodate customer demand. The application did not fit the network capacity. While the Apple incident is an out-of-the-ordinary occurrence that would be likely to tax any Web site or network, e-commerce-based businesses must deal with significant network traffic issues on a daily basis.

Why Does Network Congestion Happen?

An application may have been designed to work on a certain type of network such as client/server, and if a business decides to port the application to a Web platform, certain aspects of the application such as response time may suffer because the means by which the data is accessed has changed.

Overlooking the generalization, some — but not all — application developers may focus on the application, the user interface, usability and robustness, but give little thought to how the application will work over the Web or intranet. It all depends on the application developer framework that the developers were using and the degree to which its capabilities enable performance and bandwidth testing. There is testing equipment available that simulates the network environment, but testing can be complicated, resource-intensive and can significantly delay the delivery of the application. More often than not, application developers leave it to the network managers to figure out how to support the application, while keeping the network running effectively with high-availability and quality of service. Even when application developers are astute, they still face the issue of balancing the resource needs of an application with the issues of ease-of-use and productivity.

The result is that while application developers focus on design and graphical elements to make an application more visually appealing to a user, network management is faced with optimizing the network to run the application so it is not slowed by multiple people accessing the application simultaneously; i.e. all hitting ‘send’ to purchase tickets in the first few minutes they go on sale. An application may have been originally designed to support a limited number of users, and then the company decides to expand an internally used application to suppliers and customers. Consequently, the IT department must determine how to scale the application and optimize performance.

Application Delivery Controllers

An ADC can certainly support business continuity, and while not a panacea, ADCs aid in network scalability without requiring the network or application to be re-architected. An ADC enables flexible and cost-efficient scaling of application performance by distributing user requests across multiple servers within a server farm. As user traffic increases, additional servers can be easily and seamlessly added to the group without interrupting user access. An ADC can measure elements such as the number of concurrent connections, memory utilization and much more. They can also offload high-computational functionality from servers to increase their ability to deliver the applications quickly. ADCs are in a uniquely favorable network position to intercept attacks such as cross-site scripting and data harvesting by SQL injection, since all Web traffic load balanced with an ADC must pass through it.

With an ADC, the overloaded and “ill-fitting” application experience can be alleviated. For example, a widget maker has an internal client/server-based enterprise resource planning system (ERP). Management decides to expand the system and include the ability to offer its products online to customers and partners. The application engineers must design a Web application that will integrate with the ERP back-end. If the application has not been developed with the network in mind, the back-end system will consequently slow down to a crawl or crash when it can no longer handle the extra traffic load. Using an ADC can solve this load and scalability problem. The ADC is a proxy device that distributes traffic across multiple servers. Moreover, an ADC is not application-specific, therefore multiple applications can run through an ADC, which also means that an ADC offers pure economics of scale for sharing resources across the applications. The widget maker is able to scale its applications without reconfiguring existing network elements or end systems.

(click on image to enlarge)

An ADC acts as a traffic cop between the servers and the users, directing traffic and accelerating response times. An ADC creates a virtual service, whereby all incoming traffic goes through the ADC’s IP address. A virtual service is the primary mechanism that the ADC uses to manage and track traffic. Each service that an ADC manages has at least one virtual service associated with it. A virtual service is a combination of a virtual IP address and a virtual port. The ADC’s IP address is the address advertised to the users, while all the application servers and their IP addresses behind the ADC are hidden to outside users. One of the many benefits of this capability emerges when a server needs to be repaired or taken out of service; its address is not known by outside users; thus, they will not be affected. The ADC will direct them to the other servers that are best suited to handle their requests based on server availability and other criteria.

Carrying the Load

ADCs offer benefits associated with a site’s performance, reliability, offloading and accelerating SSL traffic. They also enable persistent connections to allow users to complete transactions. Performance is an important criterion for any piece of networking equipment, but it is critical for a device such as an ADC, because datacenters are central points of aggregation. As such, the ADC needs to be able to support the extremely high volumes of traffic transmitted to and from servers. A simple definition of performance is how many bits per second the device can support. While this is extremely important, in the case of ADCs, other key measures of performance are equally significant, such as how many Layer 4 and 7 connections can be supported, how many SSL setups and teardowns can be supported, and many other factors that affect performance.

High availability provides the resilience a site needs to ensure that the site is always up and running, even if a server fails. ADCs provide high availability by automatically detecting the failure of a server and repartitioning user traffic among the remaining servers while providing users with continuous service. High availability can also be enabled by using a pair of ADCs, with one acting as the primary and a second as a hot standby.

Placing SSL acceleration on the ADC rather than on the server increases the server’s ability to perform the task of delivering the application requests, which in turn allows a site to handle more business transactions, and provides faster transaction handling. The SSL session is terminated at the ADC; therefore, it is able to perform the identical Layer 7 functions that are done with non-SSL HTTP (hypertext transfer protocol), including content switching, cookie persistence and intrusion detection/prevention. Encrypting and decrypting is a CPU-intensive operation. Servers have to work harder when handling SSL pages. A server farm may be delivering Web applications; however, if they spend a considerable portion of their available resources doing the encryption and decryption, Web site performance will drop.

(click on image to enlarge)

The early generations of ADCs, also known as “load balancers,” operated at the transport layer (layer 4). The newer ADCs also manage the application layer (layer 7). While the older load balancers made routing decisions based on information in TCP/IP headers, ADC Layer 7 devices may also direct traffic to different servers based on application-level criteria. The Layer 7 ADCs also look at cookies in the application header to enable persistence. Although, as a general rule, ADCs distribute traffic among application servers, there are certain instances in which traffic needs to be delivered to the same application server every time the user accesses the site. For example, the ADC will return a user to an application server storing certain customer or employee information.

The ADC also helps to eliminate bottlenecks by compressing and caching of objects. Rather than having the server handle application requests for the cached objects, the ADC handles them directly by offloading certain content requests from the server. Moreover, the compression and local caching help eliminate network congestion and free up bandwidth.

Until recently, ADCs have been mostly used by larger enterprise organizations. However, that has changed now that value vendors are offering affordable ADC products to meet the needs of small- to medium-sized businesses for maintaining the integrity of their Web sites.

In Summary

Today’s Web and application infrastructure continues to get more complex while dealing with ever-increasing demands from customers, partners and employees. Developing applications that run over unreliable and inconsistent networks and face the unpredictable challenges of traffic spikes is difficult at best.

Application delivery controllers allow IT organizations to flexibly scale, manage and service application and server infrastructure to meet these growing demands. Applications that were not developed to deal with the dynamic nature of the Web, the performance factors of the servers that run the applications, and the network security risks, can now rely on ADCs to keep them running reliably, performing optimally and secure.


Kevin Mahon is founder and president of Kemp Technologies, a provider of application delivery controllers and server load balancing appliances for small and medium-sized businesses.


Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Elon Musk's Dec. 2 action to release The Twitter Files: Approve or Disapprove?
Loading ... Loading ...

LinuxInsider Channels