In our earlier tutorials on Content Switching and Load Balancing, we looked in some detail at how content switches work and how they can improve your network performance. But there are lots of vendors selling content switches - how can you tell which one is best for you?
Unlike traditional Layer 2 and 3 LAN switches, content switches deal not with frames and packets, but with complete sessions, so the number of sessions that can be supported matters more than raw data rates. However, it's important to remember that one web page accessed by a user does not equal one session. Multiple, often short-lived, TCP sessions will be needed to fetch all the individual objects that make up a screen of content.
There are two aspects to consider when deciding whether a content switch can deliver the performance you need: session setup rate and the number of simultaneous sessions. If it's slower at setting up sessions, not only will your users experience greater delays, but the switch will also have to handle more concurrent sessions, since it won't be able to set them up and get them out of the way as quickly. In most cases, it is the number of sessions that can be set up per second that matters most to you. The ability to support millions of simultaneous sessions may be pretty irrelevant, regardless of what the salesman says, if your users are left waiting with half-built web pages.
Layer 4 vs. Layer 7 switching
Just because a content switch is good (i.e. fast) at Layer 4 switching does not necessarily mean it will be any use for switching based on Layer 7 information. Layer 4 information always appears at the same place within a packet's IP header, so ASICs can be built specifically to look at that point. With this done in hardware, manufacturers can build switches that quote very high switching rates at Layer 4.
Layer 7 information is going to be in different places within packets and cannot be inspected in the same way. So Layer 7-capable switches are different beasts from the more straightforward Layer 4 devices. If you are only looking for a Layer 4 switch, don't pay the extra to get decent Layer 7 capabilities. But if you do need a significant amount of switching done based on upper layer information, make sure that the figures your vendor is quoting are relevant to what you actually need to do.
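To make the Layer 4 versus Layer 7 distinction concrete, here is an added example (not from the original article or any vendor's product) that takes a constructed IPv4/TCP packet and selects a server farm two ways: once from the destination port at a fixed offset, and once by parsing the HTTP request line and Host header, whose positions vary from request to request. The farm names and hostnames are made up for illustration.

```python
import struct

def build_packet(dst_port: int, payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header + TCP header + payload (no checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def layer4_select(pkt: bytes) -> str:
    # Layer 4: once the IP header length is known, the destination port sits at a
    # fixed offset, so one two-byte lookup decides the server group. This is the
    # kind of check that can be wired into an ASIC.
    ihl = (pkt[0] & 0x0F) * 4
    dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return {80: "web-farm", 443: "ssl-farm"}.get(dst_port, "default")

def layer7_select(pkt: bytes) -> str:
    # Layer 7: the URL and Host header live at variable positions inside the
    # payload, so the switch has to locate and parse text before it can decide.
    ihl = (pkt[0] & 0x0F) * 4
    doff = (pkt[ihl + 12] >> 4) * 4
    payload = pkt[ihl + doff:]
    if payload[:1] == b"\x16":
        # A TLS handshake record: without SSL termination on (or in front of)
        # the switch, there is nothing readable to route on.
        return "encrypted"
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) < 3:
        return "unparseable"
    path = parts[1]
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(b":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get(b"host", b"")
    if path.startswith(b"/images/"):
        return "static-farm"      # route by URL prefix
    if host == b"api.example.test":
        return "api-farm"         # route by virtual host
    return "web-farm"

# Constructed requests used when running this file directly.
STATIC_REQ = b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
API_REQ = b"GET /v1/users HTTP/1.1\r\nHost: api.example.test\r\n\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\x05hello"   # first bytes of a TLS record, constructed

if __name__ == "__main__":
    for port, body in ((80, STATIC_REQ), (80, API_REQ), (443, TLS_HELLO)):
        pkt = build_packet(port, body)
        print(port, layer4_select(pkt), layer7_select(pkt))
```

The Layer 4 path touches two bytes at a known offset; the Layer 7 path has to walk the whole request header, which is why the two switching rates a vendor quotes are not interchangeable.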
You'll have to decide what other content-related functions you need to support and whether you want to do this on the content switch itself, or buy a separate dedicated device. Do you want one all-powerful box, or multiple cheaper ones with the extra administration and interoperability issues that involves?
For instance, web caching, which used to be a common function of content switches, is now typically available as a (cheaper) standalone device. Web caches are usefully deployed at remote sites to free up WAN bandwidth by serving content locally (see Caching Network Traffic), and you don't necessarily want to deploy full content switches at all of these sites.
SSL is another function that can be done within the content switch or separately. It can be a good idea to terminate SSL connections in the network rather than on the server, since SSL creates a fair bit of processing overhead that your servers could better spend processing user requests. Plus, if you want your content switches to load-balance traffic based on packet contents, they have to be able to read those contents, which is why SSL termination is included as an option with many content switches. But because it's processor-intensive, it's not a cheap option, so you may be better off going for a separate device. If you do, you have to design your network to handle the traffic passing between it and the switch.
You'll also have to consider how important resilience is and whether you need some sort of stateful failover configuration, or whether it's OK (if it's just for internal use, perhaps) for users to have to reconnect if a switch fails. Some switches let you configure this by traffic type, so that critical flows retain state while you don't waste memory or processing resources synchronising less important flows. Different switch manufacturers have different models: some connect directly to the servers, firewalls, etc. that you're load balancing, while others are designed to plug into a server farm LAN switch that provides the port density, so you can choose whichever suits your environment best.