Skip Links

How to shop for Application Delivery Controllers

By Scott Hogg, Network World
February 13, 2012 12:08 AM ET

Network World - The key difference between Application Delivery Controllers (ADC) is the way they can be integrated into your organization's network topology. Most organizations may deploy a server load balancer/ADC in-line as a Layer-3 reverse-proxy-server.

This configuration requires public/global addresses on the external interface and private addresses on the internal interface. On the back-end, IPv4 servers use RFC1918 IPv4 addresses, but with IPv6 it is not necessary to use private Unique Local Addresses (ULA) for the internal networks. ADCs that operate this way are fully-stateful and perform TCP Normalization and traffic inspection, which benefits security.

RELATED: The ABCs of ADCs

Other products may operate virtually in-line as a proxy server, but not be directly in the traffic path. These solutions may require the use of source-NAT, Policy-Based Routing, or act as the server's default gateway to force the traffic through the ADC. These products can allow Direct Server Return and may lack stateful awareness of the connections.

Other systems may operate at Layer-2 and create a bridge between two virtual LANs or subnets. These products may use a Bridges Virtual Interface or proxy and/or source-NAT to get the traffic to go through the appliance.

There are also more products being offered as a virtual appliance at the hypervisor layer. The server VMs use the virtual appliance as their proxy-server or default gateway. Many organizations prefer virtual appliance solutions because they are easy to test and can be deployed quickly with the virtual networking, virtual switch, and virtual firewalls being deployed in server-virtualization environments. These virtualization-layer products help organizations with their public or private cloud initiatives.

Another feature that is important for organizations using these IPv6-enabled ADCs to front-end IPv4-only web application servers is URL rewriting. If the external FQDN for the IPv6 Web site is different than the IPv4 internal web application's embedded links, then those links will need to be re-written to the IPv6-FQDN. This feature will ensure that the site does not automatically fall back to the IPv4-embedded links and keeps the client believing that the entire site is reachable over IPv6.

Return to main test.

Read more about lans & wans in Network World's LANs & WANs section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News