New load balancing software from switch maker Foundry Networks, announced next week and due to arrive in September, will give more intelligence to websites’ request processing, and improve security.
Although enterprises have different load balancing needs to service providers, the software was aimed equally at both, said Foundry.
“Enterprises want intelligence first, while ISPs want scalability and performance first,” said Gopala Tumuluri, Product Marketing Manager for layer 4 to 7 at Foundry Networks. Following the telecoms downturn, Foundry’s business is split almost equally between telecoms providers and businesses, he explained, so enterprises can expect their needs to get high priority.
Load balancing, which directs web requests to the most efficient server, and shares the processing load between firewalls and other network equipment, has become a steady earner, making perhaps ten percent of Foundry’s business (though the company does not quote exact figures).
It emerged as a niche area in the late 1990s, and became a hot topic during the dotcom boom of 2000, with Cisco and Nortel buying specialists Arrowpoint and Alteon, for $5 billion and $7 billion respectively. While there is no longer that kind of heat in the market, Foundry sees it as crucial: “There is a market out there to capture,” said Tumuluri.
TrafficWorks Ironware Version 9, which runs on Foundry’s ServerIron load balancers, will let businesses switch traffic to different e-commerce web servers according to XML tags as well as URLs and cookies, so each transactions can be sorted between servers according to the business process required.
“If an inventory request comes in from the client, it can direct it to the right group of servers,” said Tumuluri. Although specialist vendors such as Sarvega, DataPower, Forum Systems and Base-x Foundry appears to have beaten the other mainstream vendors, such as Cisco and Nortel to the punch.
The new software will also switch traffic by HTTP header, so different traffic can be routed to specific servers according to which language, or even what device (a PDA or a desktop) the customer is using. It also balances loads upstream, a Link Load Balancer divides outgoing requests betwee multiple ISP links, according to performance. “This avoids the complication of the BGP protocol, or the waste of keeping your back-up ISP link idle,” said Tumuluri.
The performance has been doubled, said Tumuluri, using the features such as the ability HTTP 1.1 offers, to open multiple users’ requests to the server in one session. “Servers get to do what they are supposed to do, as opposed to connection management,” said Tumuluri.
The new version should also help avoid denial-of-service attacks by acting as a Syn proxy. In a “Syn flood” denial of service attack, an attacker sends large numbers of SYN packets -- the first part of the three-part TCP/IP handshake. The Foundry switch will not hand those requests on to the server until they are confirmed by an ACK packet, saving server load as well as preventing the attack.
Since many organisations use load balancers in pairs or multiples, Foundry has given the ability to manage of multiple devices, synchronising the HTTP filtering rules, pushing out new configurations and rolling back to previous ones. “Manual configuration takes more time, and introduces errors,” said Tumuluri. Foundry says it is the first vendor certified to work with Check Point’s Next Generation firewall.
The new version is a free upgrade to customers with maintenance contracts, and will ship with all new ServerIron switches from this summer.