Implementing Layer-4 to Layer-7 Switching in Hardware

Source: Internet
Author: User

A layer-3 switch is an unfamiliar product in the industry. Although its data forwarding is much better than that of a traditional router, there are still doubts about whether a layer-3 switch can completely replace a router. The reason is probably that a layer-3 switch does not yet provide a complete set of routing protocols, and that people need a router not only for its routing function but also for its layer-4 network management capabilities. Now, Extreme Networks has proposed a new application switching technology that integrates layer-4 to layer-7 switching capabilities into a silicon chip, using hardware to identify the application or service that each packet on the network belongs to and to send it down the appropriate path. This silicon-based solution can process Gigabit Ethernet traffic at line speed. As a result, adding intelligent applications to the network of an enterprise or service provider does not compromise network performance.

Shortcomings of Software Load Balancing

Currently, three types of devices implement server load balancing in software: devices built on the PC platform, layer-3 switches with general-purpose CPUs, and network-processor-based systems.

If they only have to act as simple "traffic cops" that switch traffic, the performance of these products is acceptable to users. For example, a software-based server load balancing device using a CPU or network processor can use the layer-3 IP address in the first packet of a session to determine how to process the subsequent packets sent to the same destination address. However, such a simple function is no different from what a router does. It does not let the network administrator manage applications profitably by tuning the network. When IT experts try to use software-based server load balancing devices for more intelligent switching that involves application-layer data, such as URL switching to improve the performance of high-end websites, or persistent cookie tracking to identify users in e-commerce applications, the speed problem becomes more serious.

The key to the problem is that the information required for these functions is buried inside the data packets and appears only once, when the network session is established. This forces software-based load balancing devices to inspect the inside of each session's packets. With URL switching, for example, this inspection must be repeated for each object on each web page, and a web page can easily contain more than 25 objects, so software processing leaves the switch with a huge workload.

Software-based server load balancing devices that rely on general-purpose CPUs or network processors cannot bring enough computing power to bear to complete switching tasks in anything near real time. Using intelligent application identification functions such as URL switching can reduce the performance of all these devices by more than 90%, resulting in slow responses to end users, serious latency, and degraded performance. Worse, this is the problem for only one network. When a software-based server load balancing device handles traffic contending from multiple networks, it soon becomes a bottleneck, for the other networks as well as its own.

Finally, because software-based server load balancing devices are driven by general-purpose CPUs or network processors, the service providers and enterprise users who deploy them are taking a risk. They cannot expand their businesses quickly enough to keep up with the growth of new customers or end users, so they cannot create new revenue.

Advantages of Hardware Switching

Extreme's application switching technology implements all network functions in hardware, including analysis, termination, initiation, and even modification of wire-speed Gigabit TCP sessions. The complex software, general-purpose CPU, and network processor are removed.

In the past, existing solutions relied on complex software working with a general-purpose CPU or network processor to complete the same load balancing task. Extreme's application switching technology is instead based on PxSilicon, a unique chipset with excellent performance. Compared with those earlier solutions, PxSilicon performs several orders of magnitude better.

Moving network functions from software into silicon is not a new idea. The move in the late 1990s from software-based routers to layer-3 switches built on application-specific integrated circuits (ASICs) is one example. When a network technology is integrated into silicon, performance increases significantly while the total cost of ownership is greatly reduced. We can put it this way: at any time, silicon technology is better than software.

This simple but excellent solution has an intuitive result: service providers and enterprise users can freely set any rules their network applications and businesses require without sacrificing a single bit of line-rate performance. This is not only a theoretical advantage. For multimedia applications, if sessions from hundreds of thousands of users to the video server can be processed as easily as a single session, this advantage is the difference between making money and losing money.

The first platform on which Extreme implements this new technology is the SummitPx1 application switch. The SummitPx1 supports a full complement of layer-7 application switching functions, including the ability to parse web requests and the ability to redirect connections to the most suitable web server based on the requested content and on server capabilities.

The server selection algorithms of the SummitPx1 application switch include round robin, weighted round robin, least connections, and weighted least connections. It can also track the client's IP records and set cookies for the client's state, perform a merge operation to automatically detect and track cookies, process cookies recognized by the server, and support persistent Secure Sockets Layer (SSL) session IDs.

New Features

A user with multiple servers in the data center can use fewer servers and gain more from the applications, maximizing the use of network resources. Content-based network applications, such as cookie and uniform resource locator (URL) handling in server load balancing applications that use the hypertext transfer protocol (HTTP), are designed to improve server performance. Enabling these applications on a software-based server load balancing device or on a switch based on a CPU or network processor reduces the efficiency of the entire website. With Extreme's application switching technology, the advantages of these applications can be fully realized without affecting performance. Extreme's application switching technology has the following advantages:

With pattern matching and wildcards, you can create up to 1 million URL rules. These rules can be used to process Layer 7 connections and 0.5 million application-aware Layer 4 connections; that is, a total of 1.5 million connections can be processed.

Users can shorten website response time and optimize server performance. With content-aware application switching, requests for static content can be transparently redirected to a web cache server, while requests for dynamic content are directed to the application server.
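The sketch below ties together the wildcard URL rules and static/dynamic redirection described above with the weighted least connections algorithm and cookie persistence mentioned for the SummitPx1. It is an added software illustration, not Extreme's implementation or code from the original article; the rule set, pool names, server names and the lb_server cookie name are constructed assumptions.

```python
from fnmatch import fnmatchcase
from http.cookies import SimpleCookie

# Constructed sample configuration: wildcard URL rules map a request path to a pool.
URL_RULES = [("/images/*", "cache"), ("*.css", "cache"), ("*.js", "cache"), ("*", "app")]

# Constructed pools: server name -> weight (relative capacity).
POOLS = {"cache": {"cache1": 1, "cache2": 1}, "app": {"app1": 3, "app2": 1}}

COOKIE = "lb_server"  # hypothetical persistence cookie name


class ContentSwitch:
    def __init__(self, rules, pools):
        self.rules, self.pools = rules, pools
        self.active = {s: 0 for pool in pools.values() for s in pool}

    def match_pool(self, path):
        """First matching wildcard rule wins; the query string is ignored."""
        path = path.split("?", 1)[0]
        for pattern, pool in self.rules:
            if fnmatchcase(path, pattern):
                return pool
        raise LookupError("no rule matched " + path)

    def pick_server(self, pool):
        """Weighted least connections: lowest active/weight ratio, name breaks ties."""
        servers = self.pools[pool]
        return min(servers, key=lambda s: (self.active[s] / servers[s], s))

    def route(self, path, cookie_header=""):
        """Return (server, Set-Cookie value or None) for one HTTP request."""
        pool = self.match_pool(path)
        jar = SimpleCookie()
        jar.load(cookie_header)
        pinned = jar[COOKIE].value if COOKIE in jar else None
        # Honour the cookie only if it names a server in the matched pool;
        # the value is client-controlled and must never be trusted as-is.
        if pinned in self.pools[pool]:
            server, set_cookie = pinned, None
        else:
            server = self.pick_server(pool)
            set_cookie = f"{COOKIE}={server}; Path=/; HttpOnly"
        self.active[server] += 1
        return server, set_cookie

    def close(self, server):
        self.active[server] -= 1
```

Because the persistence cookie comes back from the client, the pool-membership check is what keeps a forged value from steering a request to a server outside the pool the URL rule selected.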

Taking application switching technology further makes it possible to implement other data center applications that build on server performance. These applications include:

Jumbo Frame Conversion. Internet clients continue to use standard frames, while the server gains an advantage by transmitting very large data blocks within a single frame. The wire speed of the application switch satisfies both client and server, and achieves higher network performance with fewer servers.

SSL Acceleration. The application switch performs session-oriented encryption and data packet authentication. By removing this heavy burden from the application server, network administrators can optimize the application server's performance and get the most out of these critical network resources.

Firewall Load Balancing (FLB). With the FLB function provided by the Extreme application switch, users can load balance across layer-2 and layer-3 firewalls, including support for static and dynamic Internet content.

When an Extreme layer-3 switch is used, additional security functions are available, including user authentication, TACACS+, RADIUS, SSH2 encryption and key exchange, and access control lists (ACLs).

Technology Development Trends

The ability to process 1 million URL pattern rules at gigabit speed lets people rethink the network design of the data center. It also calls for some of the features we are working on. These new features include:

Content-aware backbone networks. Given gigabit throughput, it makes sense in a data center network to place application switching at a higher level rather than directly in front of the servers. Placing the application switch in the core or distribution layer lets network managers allocate network resources at a lower cost. The network then needs fewer devices to be moved, added, and changed, fewer devices have to be purchased, and more devices are placed centrally.

Virtual Server Load Balancing (vLB). Whether the user is a large enterprise or a provider of value-added website services, the same rule applies: the person who designs and operates the network will never be the one who understands the server site best. Virtual server load balancing extends your network to an unprecedented level, allowing you to manage several sites in one network.

Although the advantages of line-rate server load balancing and session persistence are irrefutable, network managers need knowledge of the website to make full use of them. Extreme is developing a hierarchical management capability for the application switch that gives network administrators the wider range of management capabilities they need and lets website administrators manage the website's domain and the associated URL lookup and cookie persistence rules.

As layer-3 switches support more and more protocols, the myth that routers cannot be replaced will be broken. Some devices with low-speed connections are gradually being phased out, and the routing function of the router will be completely replaced by the switch. In the future, once true routing switches implemented in hardware appear, they will also have features that traditional routers cannot achieve, and the boundary between routers and switches may be drawn again.

