by Erik Giesa, special to Network World

Apps switches boost availability

How-To
Jul 21, 2003 | 4 mins
Network Security

Layer 7 load balancing devices, also known as Web or application switches, can drill down into URLs or HTTP headers to direct requests. An emerging technology, deep packet inspection, allows these switches to gain an even better view of content.

Web switches act as proxies for Web applications and servers sitting behind them. Users can virtualize an unlimited number of back-end Web applications and servers, providing better availability, scaling and performance. If an application or server goes down, the switch directs client sessions to fail over to other available applications and servers without interrupting the client.

Non-HTTP-based applications or transactions would benefit from the same horizontal-scaling model. Many applications never use HTTP, and others might use HTTP only as the transport, such as Web services. Traditional Web or application switches can’t do the job because HTTP is the only type of traffic they can act upon.

To extend the benefits of horizontal scaling to all IP applications, the load-balancing device needs to inspect deeper than the URL or HTTP header and into the IP datagram. Now companies can use the same architecture for non-HTTP back-office applications to provide the same economies of scale and operational efficiencies that traditional load-balancing devices have provided.

Deep packet inspection addresses this problem. This technology directs, persists, filters and logs IP-based applications and Web services traffic based on content encapsulated in a packet’s header or payload, regardless of the protocol or application type. With deep packet inspection in place through a single intelligent network device, companies can boost performance without buying expensive servers or additional security products.

Complete view

Deep packet inspection lets the application traffic management device delve into the content of a TCP or User Datagram Protocol (UDP) flow for a complete view. This is accomplished by reassembling IP datagrams, TCP datastreams and UDP packets as they flow through the device to view the entire application content and then act on it according to a company’s defined policies.

Through standard TCP/IP networking, messages are broken down into small packets so they can quickly traverse the network. The application traffic management device or load balancer intercepts the data on its way to the final destination, reassembles it into its original sequence and buffers it into memory.

By acting as a partial proxy for specific application data flows, the traffic management device continues to build the message so that more content can be seen, while searching for defined variables on which to act. Users configure these variables in a rules or policy engine that enforces those policies based on the application type, its source or its final destination.

Optimum transit

Once the traffic management device locates the information in the payload, it sends the data to the application or resource that can best process the client’s request. The application traffic management device then can virtualize or horizontally scale any IP-based application. Deep packet inspection also can be used to inspect transactions for correct application or service variables. If these variables aren’t present, the request is discarded, the event is logged and an alert is sent to an administrator.

Because deep packet inspection can recognize any element of a packet, it can be used to manage traffic for any type of IP-based application, including enterprise applications such as CRM, databases, mobile and wireless applications, and Web services. At a large company, for example, a traffic manager with deep packet inspection capabilities could be used to distinguish between read and write traffic to database servers. The company could save money by purchasing less-expensive servers to handle the read traffic.
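The following is an added example, not code from the article or from any vendor's product, that models the mechanism described above: segments of one flow are buffered and reassembled in sequence order, the device holds the request until the whole message is visible, a policy engine checks that required variables are present (discarding, logging and alerting when they are not) and then picks a server pool from content rules. The database read/write split uses the same engine. The line-based "KEY: value" protocol, the `APPID` variable, the pool names and the sample segments are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed, hypothetical line-based application protocol used only for this
# example: a message is a set of "KEY: value" lines ended by a blank line.
MESSAGE_END = b"\n\n"


@dataclass
class Rule:
    name: str
    pattern: re.Pattern   # searched in the fully reassembled message
    pool: str             # server pool chosen when the rule matches


@dataclass
class Policy:
    rules: List[Rule]
    required: List[re.Pattern]   # every one must be present, else discard
    default_pool: str


@dataclass
class Decision:
    action: str                  # "hold", "forward" or "discard"
    pool: Optional[str] = None
    rule: Optional[str] = None
    reason: Optional[str] = None


class FlowReassembler:
    """Buffers the TCP segments of one flow, keyed by sequence number, and
    rebuilds the byte stream in order starting at the initial sequence number."""

    def __init__(self, isn: int) -> None:
        self.isn = isn
        self.segments: Dict[int, bytes] = {}

    def add(self, seq: int, data: bytes) -> None:
        self.segments[seq] = data   # a retransmitted segment simply overwrites

    def stream(self) -> bytes:
        out, nxt = b"", self.isn
        while nxt in self.segments:   # stop at the first gap in the sequence
            out += self.segments[nxt]
            nxt += len(self.segments[nxt])
        return out


def inspect(flow: FlowReassembler, policy: Policy, log: List[str]) -> Decision:
    """Policy engine: hold until the message is complete, enforce required
    variables, then route by content rule (first match wins)."""
    data = flow.stream()
    if not data.endswith(MESSAGE_END):
        return Decision("hold", reason="message incomplete")   # keep buffering
    text = data.decode("utf-8", errors="replace")
    missing = [p.pattern for p in policy.required if not p.search(text)]
    if missing:
        log.append(f"discard isn={flow.isn} missing={missing}")
        log.append(f"alert: administrator notified for isn={flow.isn}")
        return Decision("discard", reason=f"missing {missing}")
    for rule in policy.rules:
        if rule.pattern.search(text):
            log.append(f"forward isn={flow.isn} rule={rule.name} pool={rule.pool}")
            return Decision("forward", rule.pool, rule.name)
    log.append(f"forward isn={flow.isn} rule=default pool={policy.default_pool}")
    return Decision("forward", policy.default_pool, "default")


# Policy for the database example: reads go to a cheaper read pool, writes to
# the primary pool, and every message must carry an APPID line (constructed).
DB_POLICY = Policy(
    rules=[
        Rule("db-read", re.compile(r"^QUERY: SELECT\b", re.M | re.I), "db-read-pool"),
        Rule("db-write", re.compile(r"^QUERY: (INSERT|UPDATE|DELETE)\b", re.M | re.I),
             "db-write-pool"),
    ],
    required=[re.compile(r"^APPID: \S+$", re.M)],
    default_pool="db-write-pool",
)


def run_demo() -> Tuple[List[Decision], List[str]]:
    """Three constructed flows: a read whose segments arrive out of order, a
    write, and a message lacking the required APPID variable."""
    log: List[str] = []
    decisions: List[Decision] = []
    # Flow 1: the second segment arrives first; the device holds until the gap closes.
    f1 = FlowReassembler(isn=1000)
    f1.add(1011, b"QUERY: SELECT id FROM orders\n\n")
    decisions.append(inspect(f1, DB_POLICY, log))      # hold
    f1.add(1000, b"APPID: crm\n")                       # 11 bytes, fills 1000..1010
    decisions.append(inspect(f1, DB_POLICY, log))      # forward to read pool
    # Flow 2: a write delivered in a single segment.
    f2 = FlowReassembler(isn=5000)
    f2.add(5000, b"APPID: crm\nQUERY: UPDATE orders SET status=1\n\n")
    decisions.append(inspect(f2, DB_POLICY, log))      # forward to write pool
    # Flow 3: required variable absent, so the request is discarded and logged.
    f3 = FlowReassembler(isn=9000)
    f3.add(9000, b"QUERY: DELETE FROM orders\n\n")
    decisions.append(inspect(f3, DB_POLICY, log))      # discard + alert
    return decisions, log


if __name__ == "__main__":
    results, events = run_demo()
    for d in results:
        print(d)
    print("\n".join(events))
```

The "hold" decision is what lets the device act as a partial proxy: it only classifies once the terminator is present, so a rule cannot be satisfied or bypassed by a fragment of a message. The required-variable check runs before routing, so a malformed or incomplete request never reaches a pool.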

Deep packet inspection provides detailed control of all IP traffic, letting businesses meet complex security and high-availability requirements while gaining operational efficiencies.

Giesa is senior director of product management for F5 Networks. He can be reached at e.giesa@f5.com.