Sun goes virtual route with N2120V content switch

Sun has entered the crowded content-switching market with a novel twist: Its Sun Secure Application Switch N2120V lets users define multiple switching and routing domains on a single box, and it faces our Clear Choice Test.





In our Clear Choice Test of this switch, we found it relatively easy to set up multiple domains. Performance also was good, with support for up to 1.25 million concurrent connections and as many as 230,000 new connections set up each second, making the Sun box a fit for all but the very largest data centers.

N2000 series switches, which Sun picked up with its Nauticus acquisition in 2004, offer many of the same features as competing application acceleration devices from Array, Citrix, Crescendo, F5 Networks, Foundry Networks and Juniper, including load balancing, content switching, TCP multiplexing, SSL acceleration and protection against denial-of-service attacks.

Virtualization is where the N2000 devices differ. The Sun N2120V lets users define multiple switch and router instances (called vswitches and vrouters) on the same hardware, each with unique broadcast domains. One N2120V can be configured with up to 10 instances of virtual switches and routers, each with routing tables that can reuse the same address space. Virtual switches and routers also can span multiple physical devices, with up to 128 interfaces per vrouter.

Virtualization is useful for companies looking to partition routing information between different divisions, locations or customers. This feature also lets network managers define different domains, or tiers, based on application type.

A vswitch sitting in the access tier of the Sun box provides clients with a single virtual IP address, behind which there might be dozens or hundreds of servers, often using private addresses that require network address translation. A load balancer in the Web tier parcels out client requests to Web servers. Often embedded in these Web requests are calls to back-end databases or other applications in the application tier. A content vswitch with application awareness parses these calls and sends them to servers in the application tier.

While many vendors' application front-end devices can handle this three-tier design, Sun's device allows multiple instances of each tier to be defined on the same switch. For example, two sets of application tiers might be set up, one apiece for database and streaming media servers. With competing products, a separate physical device is needed for each tier to avoid overlapping address space.

Virtualization can enhance security because there is no leakage between different virtual domains. While the N2120V supports access control lists, Sun says they are not necessary because different virtual routers cannot reach one another.

While virtualization offers novel partitioning capabilities, the N2120V does not perform caching and cannot compress HTTP data, a useful method of speeding data delivery to users on low-speed dial-up or DSL lines.

Scaling up performance

In our performance tests, we assessed the N2120V as a content switch (that is, with application-layer content inspection enabled) and as a simple Layer 4 load balancer. In both configurations, we measured the device's concurrent connection capacity and maximum connection establishment rates (see How we did it). The Sun switch proved to be highly scalable, in some cases posting numbers that reflected the limits of our test equipment rather than limits of the switch itself.

We configured the switch in a two-tiered configuration, with clients and a virtual IP address residing in an access tier, and Web and SSL servers and a load balancer residing in a Web tier.

We also set up an out-of-band Ethernet management port in the access tier. In this case we used the serial console to set the maximum number of concurrent telnet users to "0," a setting that usually means there is no maximum. However, with the N2120V, the setting means no one can use telnet, even if it's enabled. There are other cases where the command line interface (CLI) lacks polish. For example, its hierarchical menus resemble Cisco's IOS in some ways, but unlike IOS there is no way to restrict verbose output with a pipe command or regular-expression searching. The CLI also lacks connectivity tools such as a ping and telnet client.

We found the Web-based GUI faster and more intuitive. Once we located the various vswitches and vrouters, it was simple to monitor or reconfigure them with this interface. We also verified that the Flash-based animations in the GUI worked in multiple browsers, including Firefox, Internet Explorer and Safari.

With the Sun switch configured as a content switch, we measured Web and SSL scalability in terms of capacity (the maximum number of concurrent sessions the system can handle at one time) and rate (how quickly the device can set up new sessions).

N2120V Content Switch
Overall rating: 4.1

Company: Sun
Cost: $49,087 as tested.
Pros: Virtualization allows easy segmentation of groups of clients and servers; good performance; easy-to-use Web GUI.
Cons: No caching, compression features; command line interface lacks polish.

The breakdown
Virtualization features (30%): 5
Performance (30%): 4
Content switching features (20%): 3
Management (20%): 4
Total score: 4.1

Scoring key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Consistently subpar

We used the Spirent Avalanche 2500 system to establish up to 230,000 unique HTTP 1.0 sessions at the same time. With HTTPS traffic we topped out at 144,000 concurrent sessions. In the rate tests, we established 59,501 HTTP sessions per second and 9,396 SSL sessions with the Sun device set up as a content switch. Both sets of results reflect the limits of our test bed and not the Sun switch.

We then configured the N2120V as a conventional load balancer, without the content inspection features enabled. Not surprisingly, the switch scales to higher levels when content inspection is disabled, handling up to 1.25 million concurrent HTTP 1.0 sessions. In the rate tests, we topped out at nearly 100,977 connections per second. Once again, this rate reflected a limitation of our test bed. Sun says the system's actual limit is closer to 200,000 connections per second.

There are plenty of application acceleration devices on the market, each with high performance and a passel of properties that take them well beyond the conventional load balancer. Where the Sun device really shines is virtualization. It offers most of the same features as its competitors, but goes a step beyond in replicating those features as many times as users need them.

Newman is president of Network Test, an independent engineering services consultancy in Westlake Village, Calif. He can be reached at dnewman@networktest.com.

NW Lab Alliance

Newman is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.networkworld.com/alliance.
