Foundry adds load-balancing, security features

Thwarting denial-of-service attacks, load balancing multiple ISP links and speeding Web services traffic - these are among the new features in Foundry Networks' ServerIron switches, the vendor announced last week.

Foundry's TrafficWorks Ironware 9.0 operating system - which runs the ServerIron switch - includes an XML switching component that could help users accelerate load balancing of XML-based traffic among servers running Web services applications. Other upgrades in the code are aimed at helping stop TCP ACK DoS offensives against servers, and another function allows for WAN-link load balancing for sites connected to multiple ISPs.

Industry watchers say hardware that improves the performance of XML-based traffic on a LAN or WAN could become an infrastructure must-have. They say companies with Web services strategies will become heavy XML users because XML is the core messaging protocol for platforms such as Microsoft .Net and Sun One.

The XML switching figures into the plans of Forbes.com, which has ServerIron 100 and ServerIronXL switches deployed to load balance dozens of Web content servers.

"The ability to load balance traffic based on XML data is of high value to us," says Mike Smith, CTO for Forbes.com. The Web site plans to roll out Web services applications this year to support the services for advertisers and readers.

"Supporting Web services will become a requirement [for load balancing equipment] as everyone in the industry starts to adopt .Net and Java [Web services] applications," he says.

Foundry's ServerIron family includes the ServerIron 100, 400 and 800 line of modular switches and the ServerIronXL fixed-configuration switch.

ServerIron is deployed as a load-balancing device, a capacity in which it identifies traffic based on Layer 4 server port information in packets, then sends traffic to the most available server. ServerIron also acts as an application switch, where it inspects Layer 7 application data in packets and applies traffic-handling policies based on more detailed criteria.

Besides XML support, TrafficWorks Ironware 9.0 includes faster packet processing for DoS attack prevention. Using Layer 4 packet inspection, ServerIron can identify typical DoS attacks that use large volumes of corrupted TCP messages and drop those packets before they reach a server. The new software speeds up ServerIron's TCP SYN and TCP ACK filtering to 1.5 million packet/sec, 15 times as fast as the previous software release.

Smith says he expects the higher-scale security inspection will help the site run smoothly during normal usage and peak periods, such as when Forbes publishes its annual "Forbes 500" or "World's Richest People" lists.

The ServerIron line competes with Cisco's CSS Web and load-balancing switches, Nortel's Alteon Layer 4 to Layer 7 switches, F5 Networks' BigIP load balancers and Radware's line of load-balancing and application switches.

The ServerIron product line netted Foundry about $44 million last year - about 15% of its sales. The company held about 10% of the $210 million Layer 4 to Layer 7 switch market in 2002, according to Gartner. The company was second to Cisco last year in terms of Layer 4 to Layer 7 port shipments, with 18% of the 225,100 ports shipped, the research firm says.